{/*
## Video Introduction
@@ -84,12 +106,7 @@ See Feishu/Lark development documentation [Configure Redirect URL](https://open.
### 3. Request App Permissions
-Go to **Permission Management** page, request the following permissions for the group app created in previous steps:
-
-- `im:chat`: Get and update group information
-- `im:message`: Get and send direct/group messages
-- `contact:user.id:readonly`: Get user ID by phone number or email
-- `im:message.group_msg`: Read group chat history (required for AI-generated post-mortem to access war room conversations)
+Go to the **Permission Management** page and request all permissions listed in [AI SRE Required Permissions](#aisre-permissions) for the app created in previous steps.
@@ -119,7 +136,7 @@ Feishu/Lark → Workspace → Search app name → **Open App**
## 5. Configure War Room
-> Ensure the app has been granted the [additional permissions](#war-room-scope) required for War Room functionality.
+> Ensure the app has been granted the [AI SRE required permissions](#aisre-permissions) listed at the beginning of this page.
After completing the previous steps, in the Flashduty On-call integration configuration page's **Enhanced Features** section, check **Enable War Room** to activate this feature—no additional configuration needed.
@@ -193,7 +210,7 @@ After exceeding API call limits, Feishu/Lark app cannot deliver messages properl
-- Please check again if the app has been granted the [required permissions](#war-room-scope) for War Room functionality
+- Check again that the app has been granted the [AI SRE required permissions](#aisre-permissions) listed at the beginning of this page
- See the **FAQ** section in [War Room documentation](/en/on-call/advanced/war-room)
diff --git a/en/on-call/integration/instant-messaging/slack.mdx b/en/on-call/integration/instant-messaging/slack.mdx
index 75219e6..6a29a03 100644
--- a/en/on-call/integration/instant-messaging/slack.mdx
+++ b/en/on-call/integration/instant-messaging/slack.mdx
@@ -5,6 +5,29 @@ description: "By integrating the Slack third-party app, you can receive and resp
**Plan requirement**: IM integration requires an On-call Pro or higher subscription. [Learn more](https://flashcat.cloud/flashduty/price/)
+
+
+## AI SRE Required Permissions
+
+The following list includes all permissions required when the Slack IM integration uses AI SRE, including basic notifications, War Room, AI SRE conversations, and AI-generated post-mortem reports. If you use the official Flashduty Slack app, complete authorization or re-authorization from the Flashduty page. If you use a self-managed Slack app, confirm each Bot Token Scope in Slack OAuth & Permissions.
+
+| Official permission name | Purpose |
+| :--- | :--- |
+| `chat:write` | Send alert notifications, War Room messages, AI SRE replies, and streaming message updates |
+| `app_mentions:read` | Receive AI SRE messages that mention @Flashduty in channels |
+| `im:history` | Receive and read direct messages with the Flashduty Bot |
+| `channels:history` | Read public channel history for AI SRE context and AI-generated post-mortem reports |
+| `groups:history` | Read private channel history; required when War Rooms are created as private channels |
+| `channels:manage` | Create and manage public channels |
+| `groups:write` | Create and manage private channels |
+| `groups:write.invites` | Invite members to private War Room channels |
+| `channels:read` | Read public channel metadata |
+| `groups:read` | Read private channel metadata and War Room details |
+| `users:read` | Read basic Slack user information |
+| `users:read.email` | Match and automatically link Slack users by email |
+| `reactions:write` | Add or remove confirmation reactions while AI SRE processes messages |
+| `files:read` | Download images or files sent to AI SRE in conversations |
+
## 1. Install App
@@ -30,7 +53,7 @@ Enter data source name, click **Save**.
After completing the previous steps, in the Flashduty On-call integration configuration page's **Enhanced Features** section, check **Enable War Room** to activate this feature—no additional configuration needed.
-To enable AI-generated post-mortem with war room chat history, the app requires additional `channels:history` permission. For existing Slack integrations, you need to manually re-authorize to grant this permission.
+If your Slack integration was authorized before War Room or AI SRE was released, first confirm that the [AI SRE required permissions](#aisre-permissions) have been added through re-authorization.
## 3. Linked Users
@@ -63,7 +86,7 @@ The system can only push Slack message notifications after members complete link
- Only one IM integration can have War Room enabled at a time. If you have already enabled War Room in another IM integration (such as Dingtalk, Feishu/Lark, or WeCom), you need to disable it there first before enabling it in the current Slack integration
- When enabling War Room, the system automatically verifies whether the current Slack app has all required permissions. If missing permissions are detected, a warning message appears on the page with a **Re-authorize** link
-- Click the **Re-authorize** link to be redirected to the Slack authorization page, which requests additional permissions needed for War Room functionality (including channel management, message read/write, user info reading, etc.). After completing authorization, the page automatically returns to Flashduty
+- Click the **Re-authorize** link to be redirected to the Slack authorization page, which requests the AI SRE required permissions listed at the beginning of this page (including channel management, message read/write, user info reading, etc.). After completing authorization, the page automatically returns to Flashduty
- If your Slack integration was authorized before the War Room feature was released, you will typically need to re-authorize on first use to add the new permissions. Re-authorization does not affect your existing integration configuration or user associations
@@ -103,7 +126,7 @@ Please try again. If the error persists after retry, please contact customer ser
-- For previously authorized Slack IM integrations, you need to manually re-authorize Slack in the Flashduty On-call integration configuration page for the app to obtain additional permissions required for War Room functionality
+- For previously authorized Slack IM integrations, manually re-authorize Slack in the Flashduty On-call integration configuration page so the app obtains the [AI SRE required permissions](#aisre-permissions) listed at the beginning of this page
- See the **FAQ** section in [War Room documentation](/en/on-call/advanced/war-room)
diff --git a/en/on-call/integration/instant-messaging/wecom.mdx b/en/on-call/integration/instant-messaging/wecom.mdx
index a7f08a9..3ebcf5c 100644
--- a/en/on-call/integration/instant-messaging/wecom.mdx
+++ b/en/on-call/integration/instant-messaging/wecom.mdx
@@ -5,6 +5,22 @@ description: "By integrating a WeCom third-party app, you can receive and respon
**Plan requirement**: IM integration requires an On-call Pro or higher subscription. [Learn more](https://flashcat.cloud/flashduty/price/)
+
+
+## AI SRE Required Permissions and Capabilities
+
+WeCom does not provide per-item OAuth scope names like Slack or Feishu/Lark. The following list includes all permissions and capabilities that must be enabled or configured in WeCom Admin Console when the WeCom IM integration uses AI SRE, including basic notifications, War Room, AI SRE conversations, and AI-generated post-mortem reports. Names below use WeCom console or official API names.
+
+| WeCom official name | Purpose |
+| :--- | :--- |
+| `企业自建应用` | Custom app required for AI SRE War Room creation, member invitation, and the initial AI SRE analysis in War Rooms |
+| `应用可见范围` | App visibility must cover all members who may receive notifications, link accounts, or be invited to War Rooms |
+| `基础接口权限` | Basic API permissions allow the custom app to call app message and app chat APIs |
+| `通讯录基本信息只读` | Reads basic member information and resolves WeCom `userid` by phone number or email |
+| `接收消息` | Enables the custom app to receive callbacks, card events, and message events |
+| `API 接收` | Configures the callback URL, Token, and EncodingAESKey for callback verification/decryption |
+| `智能机器人` | Smart bot supports regular AI SRE @bot conversations, streaming replies, and media decryption |
+
This documentation supports [Third-Party App Integration](#third-party) or [Custom App Integration](#self) methods.
@@ -105,6 +121,18 @@ After frontend trusted domain verification passes, configure the generated **Hom
+### Configure the AI SRE smart bot
+
+If you need AI SRE conversations in WeCom, configure a WeCom smart bot separately and fill its credentials in the Flashduty On-call WeCom integration.
+
+1. Create or open the smart bot used for AI SRE in the WeCom Admin Console.
+2. Configure the bot callback URL. Use the smart bot callback URL shown on the Flashduty On-call integration details page.
+3. Copy the smart bot `Token` and `EncodingAESKey`, then fill them in the smart bot fields of the Flashduty On-call integration configuration.
+
+
+The WeCom custom app and the smart bot are two different capability sets. War Room creation, member invitation, and the initial AI SRE analysis in a War Room rely on the custom app. Normal AI SRE @bot conversations, streaming replies, and media decryption rely on the smart bot Token and EncodingAESKey.
+
+
## 3. Configure War Room
@@ -113,6 +141,14 @@ War Room functionality is only supported in **Custom App Integration** mode.
After completing previous steps, in the Flashduty On-call integration configuration page's **Enhanced Features** section, check **Enable War Room** to activate this feature—no additional configuration needed.
+
+If War Room creation, member invitation, or message delivery does not work as expected, first check the custom app, visibility, basic API permissions, contact permissions, and callback configuration listed in [AI SRE Required Permissions and Capabilities](#aisre-permissions).
+
+
+
+When you dismiss a War Room in Flashduty On-call, Flashduty does not automatically delete the group chat already created in WeCom. If you need to clean up the WeCom group chat, handle it in WeCom manually.
+
+
Only one IM integration can have War Room enabled at a time. If you've already enabled War Room in another IM integration (such as Dingtalk, Feishu/Lark, or Slack), you need to disable it there first before enabling it in the current WeCom integration.
diff --git a/en/openapi/introduction.mdx b/en/openapi/introduction.mdx
index 52edb53..e4e98c7 100644
--- a/en/openapi/introduction.mdx
+++ b/en/openapi/introduction.mdx
@@ -9,7 +9,7 @@ Open API lets you call Flashduty via HTTP endpoints to query and manage entity d
**Not sure if you need Open API?** Flashduty offers multiple data interaction methods:
- **Open API** (this guide) — You actively call Flashduty to query or operate on data. See the [API Catalog](/en/openapi/api-catalog) for all available endpoints.
-- **Standard Alert Events** — Push alerts from your custom monitoring system to Flashduty to trigger incident handling. See [Custom Alert Events](/en/on-call/integration/alert-integration/alert-sources/standard alert).
+- **Standard Alert Events** — Push alerts from your custom monitoring system to Flashduty to trigger incident handling. See [Custom Alert Events](/en/on-call/integration/alert-integration/alert-sources/standard-alert).
- **Custom Change Events** — Push change events to correlate with incidents for root cause analysis. See [Custom Change Events](/en/on-call/integration/change-integration/custom-event).
- **Webhook Push** — Flashduty proactively pushes incident/alert event notifications to your system. See [Incident Webhook](/en/on-call/integration/webhooks/incident-webhook) and [Alert Webhook](/en/on-call/integration/webhooks/alert-webhook).
- **Custom Actions** — Trigger external operations from the incident detail page. See [Custom Actions](/en/on-call/integration/webhooks/custom-actions).
diff --git a/zh/on-call/advanced/reference-variables.mdx b/zh/on-call/advanced/reference-variables.mdx
index 0cca4bd..9a3d2f7 100644
--- a/zh/on-call/advanced/reference-variables.mdx
+++ b/zh/on-call/advanced/reference-variables.mdx
@@ -10,7 +10,7 @@ keywords: ["引用变量", "模板变量", "标签引用", "动态内容", "变
-通过告警 [Event API](/zh/on-call/integration/alert-integration/alert-sources/standard alert) 上报自定义告警事件时,可以使用 `title_rule` 字段自定义告警的标题。
+通过告警 [Event API](/zh/on-call/integration/alert-integration/alert-sources/standard-alert) 上报自定义告警事件时,可以使用 `title_rule` 字段自定义告警的标题。
在告警 Pipeline 中引用变量,实现对告警的严重程度、标题和描述等信息的修改。
diff --git a/zh/on-call/advanced/war-room.mdx b/zh/on-call/advanced/war-room.mdx
index c9410d0..18b264d 100644
--- a/zh/on-call/advanced/war-room.mdx
+++ b/zh/on-call/advanced/war-room.mdx
@@ -178,5 +178,16 @@ Flashduty On-call 作战室(War Room)是专为故障应急响应设计的自
-为了获取更完整的故障全生命周期上下文,AI 生成复盘报告需要读取作战室聊天记录。请确保您的 IM 集成已授予相应权限 —— 详见[飞书](/zh/on-call/integration/instant-messaging/lark)或 [Slack](/zh/on-call/integration/instant-messaging/slack) 集成指南。
-
\ No newline at end of file
+为了获取更完整的故障全生命周期上下文,AI SRE 和 AI 生成复盘报告需要读取作战室聊天记录或接收 IM 机器人消息。请确保您的 IM 集成已授予对应平台所需的权限。
+
+
+### IM 平台权限前置条件
+
+不同 IM 平台对作战室和 AI SRE 的开放能力要求不同。开启前,请先按对应集成指南完成权限、机器人能力和回调配置。
+
+| 平台 | 关键前置条件 |
+| :--- | :--- |
+| [飞书/Lark](/zh/on-call/integration/instant-messaging/lark) | 授予消息、群组、群历史、资源和 CardKit 权限,并订阅消息事件与卡片回调 |
+| [钉钉](/zh/on-call/integration/instant-messaging/dingtalk) | 授予群管理、机器人发消息、群信息读取和手机号找人权限,并配置应用机器人、群机器人和群模板 |
+| [企业微信](/zh/on-call/integration/instant-messaging/wecom) | 使用企业自建应用开启作战室,并确保应用可见范围、基础接口权限、通讯录授权和智能机器人凭据已配置 |
+| [Slack](/zh/on-call/integration/instant-messaging/slack) | 完成 Slack 授权或重新授权,确保应用具备消息发送、事件接收、频道历史、私有频道管理、用户信息、表情和文件读取权限 |
diff --git a/zh/on-call/incident/what-is-incident.mdx b/zh/on-call/incident/what-is-incident.mdx
index e950c1f..890ce72 100644
--- a/zh/on-call/incident/what-is-incident.mdx
+++ b/zh/on-call/incident/what-is-incident.mdx
@@ -136,7 +136,7 @@ Flashduty On-call 支持专属集成和共享集成模式:
### 通过 API 触发故障
-Flashduty On-call 提供了一个自定义事件标准,允许您通过标准协议上报告警,适用于任何未适配的监控系统。详细文档请阅读[自定义告警事件](/zh/on-call/integration/alert-integration/alert-sources/standard alert)。
+Flashduty On-call 提供了一个自定义事件标准,允许您通过标准协议上报告警,适用于任何未适配的监控系统。详细文档请阅读[自定义告警事件](/zh/on-call/integration/alert-integration/alert-sources/standard-alert)。
为了保证整个系统的稳定,Flashduty On-call 对每个集成的 API 上报实施频率限制(**100 次/秒**、**1000 次/分钟**),超出限制将返回 `429` 状态码,请等待后重试。详见[接入告警 - 频率限制](/zh/on-call/channel/integrate-data#频率限制)。
diff --git a/zh/on-call/integration/alert-integration/alert-sources/http-pull.mdx b/zh/on-call/integration/alert-integration/alert-sources/http-pull.mdx
index e93d861..979466f 100644
--- a/zh/on-call/integration/alert-integration/alert-sources/http-pull.mdx
+++ b/zh/on-call/integration/alert-integration/alert-sources/http-pull.mdx
@@ -4,7 +4,7 @@ description: "Flashduty 主动按周期访问外部 HTTP 接口,将返回的
keywords: ["告警集成", "HTTP Pull", "拉取", "轮询", "Polling", "数据接入"]
---
-通过配置一个 HTTP 端点,Flashduty 会按照您设定的周期主动发起请求,将响应解析为符合 [标准告警事件](/zh/on-call/integration/alert-integration/alert-sources/standard%20alert) 协议的事件并写入告警通道。整个过程不需要您的系统具备推送能力,只要能对外暴露一个可读的告警查询接口即可。
+通过配置一个 HTTP 端点,Flashduty 会按照您设定的周期主动发起请求,将响应解析为符合 [标准告警事件](/zh/on-call/integration/alert-integration/alert-sources/standard-alert) 协议的事件并写入告警通道。整个过程不需要您的系统具备推送能力,只要能对外暴露一个可读的告警查询接口即可。
HTTP 拉取适合 **无法主动 webhook**、**接口本身就是查询型** 或 **不希望对告警源做改造** 的场景。如果您的系统已经支持 webhook 推送,优先使用对应的推送式集成(Prometheus、Zabbix 等),延迟更低、资源开销更小。
@@ -72,7 +72,7 @@ HTTP 拉取适合 **无法主动 webhook**、**接口本身就是查询型** 或
### 响应格式
-接口响应必须符合 Flashduty 的 [标准告警事件](/zh/on-call/integration/alert-integration/alert-sources/standard%20alert) 协议(`response_mode = standard`),核心字段包括 `event_status`、`title_rule`、`alert_key`、`description`、`labels` 等。请直接参考标准告警事件文档了解每个字段的语义与长度限制。
+接口响应必须符合 Flashduty 的 [标准告警事件](/zh/on-call/integration/alert-integration/alert-sources/standard-alert) 协议(`response_mode = standard`),核心字段包括 `event_status`、`title_rule`、`alert_key`、`description`、`labels` 等。请直接参考标准告警事件文档了解每个字段的语义与长度限制。
启用分页时,您的响应需要在标准事件载荷之外,额外暴露一个用于提取下一页游标的字段,路径由 **游标路径** 指定。常见的形态如下:
diff --git a/zh/on-call/integration/alert-integration/alert-sources/standard alert.mdx b/zh/on-call/integration/alert-integration/alert-sources/standard-alert.mdx
similarity index 100%
rename from zh/on-call/integration/alert-integration/alert-sources/standard alert.mdx
rename to zh/on-call/integration/alert-integration/alert-sources/standard-alert.mdx
diff --git a/zh/on-call/integration/instant-messaging/dingtalk.mdx b/zh/on-call/integration/instant-messaging/dingtalk.mdx
index c4cef40..322e507 100644
--- a/zh/on-call/integration/instant-messaging/dingtalk.mdx
+++ b/zh/on-call/integration/instant-messaging/dingtalk.mdx
@@ -10,6 +10,25 @@ keywords: ["钉钉", "即时消息", "告警通知", "IM集成", "钉钉机器
本文档以钉钉开放平台新版为例。
+
+
+
+## AISRE 所需权限
+
+以下为钉钉 IM 集成在开启 AISRE(包含基础通知、作战室、AI SRE 对话和 AI 生成复盘)时需要授予的完整权限清单。进入钉钉开放平台 开发配置 → **权限管理** 页面时,请逐项申请以下官方权限名称。
+
+| 官方权限名称 | 用途 |
+| :--- | :--- |
+| `qyapi_chat_manage` | 创建或管理群聊、场景群和群成员 |
+| `qyapi_robot_sendmsg` | 向群聊或个人发送消息,发送和更新 AI SRE 卡片消息,并发送作战室初始 AI SRE 分析 |
+| `qyapi_chat_read` | 查询群聊信息和场景群信息 |
+| `qyapi_chat_base_read` | 查询群聊基础信息、二维码等基础数据 |
+| `qyapi_get_member_by_mobile` | 根据手机号获取钉钉用户,以便自动关联成员并邀请用户加入作战室 |
+
+
+钉钉当前没有稳定的接口可供 Flashduty 自动读取应用已授权权限。请在钉钉开放平台中人工确认以上权限已全部开通。
+
+
## 一、创建钉钉应用与添加钉钉集成
### 1. 创建自建应用
@@ -90,10 +109,7 @@ keywords: ["钉钉", "即时消息", "告警通知", "IM集成", "钉钉机器
### 9. 申请应用权限
-进入 开发配置 → **权限管理** 页面,为先前步骤创建的群应用申请以下权限:
-
-- `qyapi_chat_manage`:获取群聊信息
-- `qyapi_robot_sendmsg`:向群聊或个人发送消息
+进入 开发配置 → **权限管理** 页面,为先前步骤创建的群应用申请页面开头 [AISRE 所需权限](#aisre-permissions) 中列出的全部权限。
@@ -103,15 +119,13 @@ keywords: ["钉钉", "即时消息", "告警通知", "IM集成", "钉钉机器
若您无需配置作战室功能,可跳过本步骤,直接进入 [**应用发布与使用**](#publish)。
-
-
### 1. 申请应用权限
-进入 开发配置 → **权限管理** 页面,为先前步骤创建的群应用申请以下权限:
+若在前面的基础配置阶段尚未完成授权,请进入 开发配置 → **权限管理** 页面,按页面开头 [AISRE 所需权限](#aisre-permissions) 补齐全部权限。
-- `qyapi_chat_read`:获取群聊信息
-- `qyapi_chat_base_read`:获取群聊信息
-- `qyapi_get_member_by_mobile`:允许当前应用根据手机号获取钉钉用户以便邀请用户加入群聊
+
+请同时确认应用机器人、群机器人、群模板、`模板 ID` 和 `机器人 ID` 都已配置完成。
+
@@ -252,7 +266,7 @@ keywords: ["钉钉", "即时消息", "告警通知", "IM集成", "钉钉机器
-- 请再次检查是否为应用配置了作战室功能[所需权限](#war-room-scope)
+- 请再次检查是否为应用配置了页面开头列出的 [AISRE 所需权限](#aisre-permissions)
- 请参考 [作战室介绍文档](/zh/on-call/advanced/war-room) 的 **常见问题** 部分
diff --git a/zh/on-call/integration/instant-messaging/lark.mdx b/zh/on-call/integration/instant-messaging/lark.mdx
index 937748d..5ac400e 100644
--- a/zh/on-call/integration/instant-messaging/lark.mdx
+++ b/zh/on-call/integration/instant-messaging/lark.mdx
@@ -6,6 +6,28 @@ keywords: ["飞书", "Lark", "即时消息", "告警通知", "IM集成"]
**版本要求**:IM 集成需要 On-call 专业版及以上订阅。[了解更多](https://flashcat.cloud/flashduty/price/)
+
+
+
+## AISRE 所需权限
+
+以下为飞书/Lark IM 集成在开启 AISRE(包含基础通知、作战室、AI SRE 对话和 AI 生成复盘)时需要授予的完整权限清单。进入飞书/Lark 开放平台 **权限管理** 页面时,请逐项申请以下官方权限名称。
+
+| 官方权限名称 | 用途 |
+| :--- | :--- |
+| `im:chat` | 创建和管理作战室群、获取群信息、添加群成员 |
+| `im:message` | 读取和发送单聊、群组消息 |
+| `im:message:send_as_bot` | 以机器人身份发送 AI SRE 回复和作战室消息 |
+| `im:message:update` | 更新应用已发送的消息,用于 AI SRE 流式回复更新 |
+| `im:message.group_msg` | 读取群聊历史消息;AI SRE 上下文和 AI 生成复盘报告需要该权限 |
+| `im:message.reactions:read` | 查询消息表情反应,用于 AI SRE 处理状态确认 |
+| `im:message.reactions:write_only` | 添加或删除消息表情反应,用于 AI SRE 处理状态确认 |
+| `im:resource` | 上传和下载消息中的图片、文件等资源 |
+| `cardkit:card:write` | 创建和更新 CardKit 卡片,用于 AI SRE 流式回复 |
+| `contact:user.id:readonly` | 通过手机号或邮箱获取用户 ID,用于自动关联和邀请成员 |
+| `contact:contact.base:readonly` | 获取通讯录基本信息,用于读取用户和部门基础资料 |
+| `contact:user.base:readonly` | 获取用户基础信息,用于显示发送者名称 |
+
{/*
## 视频介绍
@@ -85,12 +107,7 @@ keywords: ["飞书", "Lark", "即时消息", "告警通知", "IM集成"]
### 3. 申请应用权限
-进入 **权限管理** 页面,为先前步骤创建的群应用申请以下权限:
-
-- `im:chat`:获取与更新群组信息
-- `im:message`:获取与发送单聊、群组消息
-- `contact:user.id:readonly`:通过手机号或邮箱获取用户 ID
-- `im:message.group_msg`:读取群聊历史消息(AI 生成复盘报告需要读取作战室聊天记录)
+进入 **权限管理** 页面,为先前步骤创建的群应用申请页面开头 [AISRE 所需权限](#aisre-permissions) 中列出的全部权限。
@@ -120,7 +137,7 @@ keywords: ["飞书", "Lark", "即时消息", "告警通知", "IM集成"]
## 五、配置作战室
-> 确保应用已被授权使用作战室功能所需的[额外权限](#war-room-scope)。
+> 确保应用已被授权使用页面开头列出的 [AISRE 所需权限](#aisre-permissions)。
完成先前步骤后,在 Flashduty On-call 集成配置页面的 **增强功能** 模块,勾选 **开启作战室** 即可启用该功能,无需额外配置。
@@ -194,7 +211,7 @@ keywords: ["飞书", "Lark", "即时消息", "告警通知", "IM集成"]
-- 请再次检查是否为应用配置了作战室功能[所需权限](#war-room-scope)
+- 请再次检查是否为应用配置了页面开头列出的 [AISRE 所需权限](#aisre-permissions)
- 请参考 [作战室介绍文档](/zh/on-call/advanced/war-room) 的 **常见问题** 部分
diff --git a/zh/on-call/integration/instant-messaging/slack.mdx b/zh/on-call/integration/instant-messaging/slack.mdx
index 23ce70c..f8297b8 100644
--- a/zh/on-call/integration/instant-messaging/slack.mdx
+++ b/zh/on-call/integration/instant-messaging/slack.mdx
@@ -6,6 +6,29 @@ keywords: ["Slack", "即时消息", "告警通知", "IM集成", "协作工具"]
**版本要求**:IM 集成需要 On-call 专业版及以上订阅。[了解更多](https://flashcat.cloud/flashduty/price/)
+
+
+## AISRE 所需权限
+
+以下为 Slack IM 集成在开启 AISRE(包含基础通知、作战室、AI SRE 对话和 AI 生成复盘)时需要授予的完整权限清单。使用 Flashduty 官方 Slack 应用时,请按页面提示授权或重新授权;使用自建 Slack 应用时,请在 Slack OAuth & Permissions 中逐项确认以下 Bot Token Scopes。
+
+| 官方权限名称 | 用途 |
+| :--- | :--- |
+| `chat:write` | 发送告警通知、作战室消息、AI SRE 回复,并更新流式回复消息 |
+| `app_mentions:read` | 接收频道中 @Flashduty 的 AI SRE 消息 |
+| `im:history` | 接收并读取与 Flashduty Bot 的私聊消息 |
+| `channels:history` | 读取公开频道历史,用于 AI SRE 上下文和 AI 生成复盘报告 |
+| `groups:history` | 读取私有频道历史;作战室创建的是私有频道时需要该权限 |
+| `channels:manage` | 创建和管理公开频道 |
+| `groups:write` | 创建和管理私有频道 |
+| `groups:write.invites` | 邀请成员加入私有作战室频道 |
+| `channels:read` | 读取公开频道基础信息 |
+| `groups:read` | 读取私有频道基础信息和作战室详情 |
+| `users:read` | 读取 Slack 用户基础信息 |
+| `users:read.email` | 通过邮箱匹配并自动关联 Slack 用户 |
+| `reactions:write` | AI SRE 处理消息时添加或移除确认表情 |
+| `files:read` | 下载用户在对话中发送给 AI SRE 的图片或文件 |
+
## 一、安装应用
@@ -31,7 +54,7 @@ keywords: ["Slack", "即时消息", "告警通知", "IM集成", "协作工具"]
完成先前步骤后,在 Flashduty On-call 集成配置页面的 **增强功能** 模块,勾选 **开启作战室** 即可启用该功能,无需额外配置。
-若需启用 AI 生成复盘报告(读取作战室聊天记录),应用需要额外的 `channels:history` 权限。对于已授权的 Slack 集成,您需要手动重新授权以获取该权限。
+如果您的 Slack 集成是在作战室或 AISRE 功能上线之前完成授权的,请先确认页面开头的 [AISRE 所需权限](#aisre-permissions) 已通过重新授权补齐。
## 三、关联用户
@@ -64,7 +87,7 @@ keywords: ["Slack", "即时消息", "告警通知", "IM集成", "协作工具"]
- 同一时间仅支持在一个 IM 集成中开启作战室功能。如果您已在其他 IM 集成(如钉钉、飞书、企业微信)中启用了作战室,需要先在该集成中关闭后,才能在当前 Slack 集成中开启
- 开启作战室时,系统会自动验证当前 Slack 应用是否具备作战室所需的全部权限。如果检测到缺少必要权限,页面会显示一条警告提示,并提供 **重新授权** 链接
-- 点击 **重新授权** 链接后,系统会跳转到 Slack 授权页面,请求作战室功能所需的额外权限(包括频道管理、消息读写、用户信息读取等)。完成授权后,页面会自动返回 Flashduty
+- 点击 **重新授权** 链接后,系统会跳转到 Slack 授权页面,请求页面开头列出的 AISRE 所需权限(包括频道管理、消息读写、用户信息读取等)。完成授权后,页面会自动返回 Flashduty
- 如果您的 Slack 集成是在作战室功能上线之前完成授权的,首次开启时通常需要重新授权以补充新增权限。重新授权不会影响已有的集成配置和用户关联
@@ -104,7 +127,7 @@ keywords: ["Slack", "即时消息", "告警通知", "IM集成", "协作工具"]
-- 对于之前授权的 Slack IM 集成,需要您在 Flashduty On-call 集成配置页中对 Slack 手动进行重新授权,以使应用获得作战室功能所需的额外权限
+- 对于之前授权的 Slack IM 集成,需要您在 Flashduty On-call 集成配置页中对 Slack 手动进行重新授权,以使应用获得页面开头列出的 [AISRE 所需权限](#aisre-permissions)
- 请参考 [作战室介绍文档](/zh/on-call/advanced/war-room) 的 **常见问题** 部分
diff --git a/zh/on-call/integration/instant-messaging/wecom.mdx b/zh/on-call/integration/instant-messaging/wecom.mdx
index 88e300c..e88c060 100644
--- a/zh/on-call/integration/instant-messaging/wecom.mdx
+++ b/zh/on-call/integration/instant-messaging/wecom.mdx
@@ -6,6 +6,22 @@ keywords: ["企业微信", "WeCom", "即时消息", "告警通知", "IM集成"]
**版本要求**:IM 集成需要 On-call 专业版及以上订阅。[了解更多](https://flashcat.cloud/flashduty/price/)
+
+
+## AISRE 所需权限和能力
+
+企业微信没有类似 Slack、飞书/Lark 的逐项 OAuth scope 名称。以下为企业微信 IM 集成在开启 AISRE(包含基础通知、作战室、AI SRE 对话和 AI 生成复盘)时,需要在企业微信管理后台开通或配置的完整权限和能力清单;名称均使用企业微信后台或官方接口中的名称。
+
+| 企业微信官方名称 | 用途 |
+| :--- | :--- |
+| `企业自建应用` | AISRE 作战室创建、邀请成员和作战室初始 AI SRE 分析必须使用自建应用模式 |
+| `应用可见范围` | 需要覆盖所有可能接收通知、关联账号或被拉入作战室的成员 |
+| `基础接口权限` | 允许自建应用调用应用消息、应用群聊等基础接口 |
+| `通讯录基本信息只读` | 读取成员基础信息,并按手机号或邮箱解析企业微信 `userid` |
+| `接收消息` | 开启自建应用接收回调、卡片事件和消息事件的能力 |
+| `API 接收` | 配置回调地址、Token 和 EncodingAESKey,并完成回调校验解密 |
+| `智能机器人` | 支持普通 AI SRE @机器人对话、流式回复和媒体解密 |
+
本文档支持 [集成第三方应用](#third-party) 或 [集成企业自建应用](#self) 两种方式。
@@ -106,6 +122,18 @@ Flashduty 作为企业微信服务商,为您提供 Flashduty 应用的长期
+### 配置 AI SRE 智能机器人
+
+如果需要在企业微信中使用 AI SRE 对话能力,请额外配置企业微信智能机器人,并将机器人凭据填写到 Flashduty On-call 企业微信集成中。
+
+1. 在企业微信管理后台创建或进入用于 AI SRE 的智能机器人。
+2. 配置机器人回调地址。回调地址请使用 Flashduty On-call 集成详情页展示的智能机器人回调地址。
+3. 复制智能机器人的 `Token` 和 `EncodingAESKey`,并填写到 Flashduty On-call 集成配置中的智能机器人相关字段。
+
+
+企业微信自建应用和智能机器人是两套不同的能力。作战室建群、加人和作战室内初始 AI SRE 分析依赖自建应用;普通 AI SRE @机器人对话、流式回复和媒体解密依赖智能机器人 Token 与 EncodingAESKey。
+
+
## 三、配置作战室
@@ -114,6 +142,14 @@ Flashduty 作为企业微信服务商,为您提供 Flashduty 应用的长期
完成先前步骤后,在 Flashduty On-call 集成配置页面的 **增强功能** 模块,勾选 **开启作战室** 即可启用该功能,无需额外配置。
+
+如遇作战室创建、加人或消息发送异常,请优先核对页面开头 [AISRE 所需权限和能力](#aisre-permissions) 中列出的自建应用、可见范围、基础接口权限、通讯录权限和回调配置。
+
+
+
+在 Flashduty On-call 中解散作战室时,不会自动删除企业微信中已经创建的群聊。如需清理企业微信侧群聊,请在企业微信中手动处理。
+
+
同一时间仅支持在一个 IM 集成中开启作战室功能。如果你已在其他 IM 集成(如钉钉、飞书、Slack)中启用了作战室,需要先在该集成中关闭后,才能在当前企业微信集成中开启。
@@ -196,4 +232,4 @@ Mac 桌面端默认使用企业微信的内置浏览器打开链接。您可以
请确认**应用主页**的 URL 中的 `redirect_uri` 参数中的域名是否完成企业微信要求的域名归属认证,详见企业微信官方文档 [《企业内部开发配置域名指引》](https://open.work.weixin.qq.com/wwopen/common/readDocument/40754)。
-
\ No newline at end of file
+
diff --git a/zh/openapi/introduction.mdx b/zh/openapi/introduction.mdx
index 1b20fdc..f237c93 100644
--- a/zh/openapi/introduction.mdx
+++ b/zh/openapi/introduction.mdx
@@ -10,7 +10,7 @@ Open API 用于通过 HTTP 接口主动调用 Flashduty,查询和管理故障
**不确定是否需要 Open API?** Flashduty 提供多种数据交互方式:
- **Open API**(本文档)— 您主动调用 Flashduty,查询或操作数据。查看 [API 总览](/zh/openapi/api-catalog) 了解全部接口。
-- **标准告警事件** — 将自研监控系统的告警推送到 Flashduty,触发故障处理流程。详见[自定义告警事件](/zh/on-call/integration/alert-integration/alert-sources/standard alert)。
+- **标准告警事件** — 将自研监控系统的告警推送到 Flashduty,触发故障处理流程。详见[自定义告警事件](/zh/on-call/integration/alert-integration/alert-sources/standard-alert)。
- **自定义变更事件** — 推送变更事件关联故障,辅助根因分析。详见[自定义变更事件](/zh/on-call/integration/change-integration/custom-event)。
- **Webhook 推送** — Flashduty 主动向您的系统推送故障/告警事件通知。详见[故障 Webhook](/zh/on-call/integration/webhooks/incident-webhook) 和[告警 Webhook](/zh/on-call/integration/webhooks/alert-webhook)。
- **自定义操作** — 在故障详情页触发外部操作。详见[自定义操作](/zh/on-call/integration/webhooks/custom-actions)。