From 80a10febdcacb23d4470c5d034cb002bbc90843b Mon Sep 17 00:00:00 2001 From: debidong <1953531014@qq.com> Date: Wed, 3 Jun 2026 15:50:52 +0800 Subject: [PATCH 1/3] docs: update IM permissions for AISRE war rooms --- en/on-call/advanced/war-room.mdx | 13 ++++++++++- .../alert-sources/http-pull.mdx | 4 ++-- .../instant-messaging/dingtalk.mdx | 19 +++++++++++---- .../integration/instant-messaging/lark.mdx | 19 +++++++++++---- .../integration/instant-messaging/slack.mdx | 23 +++++++++++++++++++ .../integration/instant-messaging/wecom.mdx | 20 ++++++++++++++++ zh/on-call/advanced/war-room.mdx | 15 ++++++++++-- .../alert-sources/http-pull.mdx | 4 ++-- .../instant-messaging/dingtalk.mdx | 19 +++++++++++---- .../integration/instant-messaging/lark.mdx | 19 +++++++++++---- .../integration/instant-messaging/slack.mdx | 23 +++++++++++++++++++ .../integration/instant-messaging/wecom.mdx | 22 +++++++++++++++++- 12 files changed, 174 insertions(+), 26 deletions(-) diff --git a/en/on-call/advanced/war-room.mdx b/en/on-call/advanced/war-room.mdx index e12e836..8397f31 100644 --- a/en/on-call/advanced/war-room.mdx +++ b/en/on-call/advanced/war-room.mdx @@ -177,5 +177,16 @@ Based on **War Room** functionality and existing **Intelligent Grouping** and ** -To build a more comprehensive context of the incident's full lifecycle, AI-generated post-mortem reads war room chat history. Ensure your IM integration has been granted the necessary permissions — see [Feishu/Lark](/en/on-call/integration/instant-messaging/lark) or [Slack](/en/on-call/integration/instant-messaging/slack) integration guides for details. +To build a more comprehensive context of the incident's full lifecycle, AI SRE and AI-generated post-mortem need to read War Room chat history or receive IM bot messages. Make sure your IM integration has the required permissions for the corresponding platform. + +### IM platform prerequisites + +Each IM platform has different capability requirements for War Room and AI SRE. Before enabling the feature, complete the required permissions, bot capabilities, and callback configuration in the corresponding integration guide. + +| Platform | Key prerequisites | +| :--- | :--- | +| [Feishu/Lark](/en/on-call/integration/instant-messaging/lark) | Grant message, chat, group history, resource, and CardKit permissions, and subscribe to message events and card callbacks | +| [Dingtalk](/en/on-call/integration/instant-messaging/dingtalk) | Grant group management, bot messaging, group information, and phone-number lookup permissions, and configure the app bot, group bot, and group template | +| [WeCom](/en/on-call/integration/instant-messaging/wecom) | Use a custom app for War Room, and make sure app visibility, basic API permissions, contact authorization, and smart bot credentials are configured | +| [Slack](/en/on-call/integration/instant-messaging/slack) | Complete Slack authorization or re-authorization so the app has message sending, event receiving, channel history, private-channel management, user info, reaction, and file-read permissions | diff --git a/en/on-call/integration/alert-integration/alert-sources/http-pull.mdx b/en/on-call/integration/alert-integration/alert-sources/http-pull.mdx index 02d5700..64392a9 100644 --- a/en/on-call/integration/alert-integration/alert-sources/http-pull.mdx +++ b/en/on-call/integration/alert-integration/alert-sources/http-pull.mdx @@ -4,7 +4,7 @@ description: "Flashduty periodically polls an external HTTP endpoint and ingests keywords: ["Alert Integration", "HTTP Pull", "Polling", "Cursor Pagination", "Data Ingestion"] --- -By configuring an HTTP endpoint, Flashduty issues a request on the schedule you define and parses the response into events conforming to the [Standard Alert Event](/en/on-call/integration/alert-integration/alert-sources/standard%20alert) protocol, which are then written into the alert channel. Your system does not need to support push delivery — it only needs to expose a readable alert query endpoint. +By configuring an HTTP endpoint, Flashduty issues a request on the schedule you define and parses the response into events conforming to the [Standard Alert Event](/en/on-call/integration/alert-integration/alert-sources/standard alert) protocol, which are then written into the alert channel. Your system does not need to support push delivery — it only needs to expose a readable alert query endpoint. :::tips HTTP Pull is the right choice when your source **cannot send webhooks**, **is query-only by nature**, or when you **do not want to modify the upstream system**. If your system already supports webhook delivery, prefer the corresponding push-based integration (Prometheus, Zabbix, etc.) — it has lower latency and a smaller resource footprint. @@ -74,7 +74,7 @@ External systems use different field names and values for alert severity. **Seve ### Response Format -The response must conform to Flashduty's [Standard Alert Event](/en/on-call/integration/alert-integration/alert-sources/standard%20alert) protocol (`response_mode = standard`). Key fields include `event_status`, `title_rule`, `alert_key`, `description`, `labels`, etc. Refer to the Standard Alert Event documentation for the semantics and length limits of each field. +The response must conform to Flashduty's [Standard Alert Event](/en/on-call/integration/alert-integration/alert-sources/standard alert) protocol (`response_mode = standard`). Key fields include `event_status`, `title_rule`, `alert_key`, `description`, `labels`, etc. Refer to the Standard Alert Event documentation for the semantics and length limits of each field. When pagination is enabled, the response must additionally expose a field for the next-page cursor, located at the path you set in **Cursor Path**. A typical shape: diff --git a/en/on-call/integration/instant-messaging/dingtalk.mdx b/en/on-call/integration/instant-messaging/dingtalk.mdx index 86cfffc..dd30d42 100644 --- a/en/on-call/integration/instant-messaging/dingtalk.mdx +++ b/en/on-call/integration/instant-messaging/dingtalk.mdx @@ -91,8 +91,10 @@ Configure **App Homepage URL** and **PC Homepage URL** using the `App Homepage U Go to Development Configuration → **Permission Management** page, request the following permissions for the group app created in previous steps: -- `qyapi_chat_manage`: Get group chat information -- `qyapi_robot_sendmsg`: Send messages to group chats or individuals +| Permission | Purpose | +| :--- | :--- | +| `qyapi_chat_manage` | Create or manage group chats, scene groups, and group members | +| `qyapi_robot_sendmsg` | Send messages to group chats or individuals, and send or update AI SRE card messages | ![2025-09-18-15-20-36](https://docs-cdn.flashcat.cloud/images/png/4417440194002a011e2feca5fa5c9469.png) @@ -108,9 +110,16 @@ If you don't need War Room functionality, skip this step and proceed directly to Go to Development Configuration → **Permission Management** page, request the following permissions for the group app created in previous steps: -- `qyapi_chat_read`: Get group chat information -- `qyapi_chat_base_read`: Get group chat information -- `qyapi_get_member_by_mobile`: Allow the current app to get Dingtalk users by phone number for inviting users to join group chats +| Permission | Purpose | +| :--- | :--- | +| `qyapi_chat_read` | Query group chat and scene group information | +| `qyapi_chat_base_read` | Query basic group chat information, QR codes, and related metadata | +| `qyapi_get_member_by_mobile` | Get Dingtalk users by phone number for automatic linking and War Room member invitation | +| `qyapi_robot_sendmsg` | Send the initial AI SRE analysis after War Room creation and reply to AI SRE conversations through the bot | + + +Dingtalk does not currently provide a stable API for Flashduty to read all granted app permissions. Manually confirm that these permissions, the app bot, the group bot, the group template, the `Template ID`, and the `Bot ID` are all configured in Dingtalk Open Platform. + ![2025-09-18-15-21-28](https://docs-cdn.flashcat.cloud/images/png/39142395390ce09726e3a95991549116.png) diff --git a/en/on-call/integration/instant-messaging/lark.mdx b/en/on-call/integration/instant-messaging/lark.mdx index 728e881..f01890b 100644 --- a/en/on-call/integration/instant-messaging/lark.mdx +++ b/en/on-call/integration/instant-messaging/lark.mdx @@ -86,10 +86,21 @@ See Feishu/Lark development documentation [Configure Redirect URL](https://open. Go to **Permission Management** page, request the following permissions for the group app created in previous steps: -- `im:chat`: Get and update group information -- `im:message`: Get and send direct/group messages -- `contact:user.id:readonly`: Get user ID by phone number or email -- `im:message.group_msg`: Read group chat history (required for AI-generated post-mortem to access war room conversations) + + +| Permission | Purpose | +| :--- | :--- | +| `im:chat` | Create and manage War Room chats, get chat information, and add chat members | +| `im:message` | Get and send direct and group messages | +| `im:message:send_as_bot` | Send AI SRE replies and War Room messages as the bot | +| `im:message.group_msg` | Read group chat history; required for AI SRE context and AI-generated post-mortem reports | +| `im:resource` or `im:resource:upload` | Upload and download images, files, and other message resources | +| `cardkit:card:write` | Create and update CardKit cards for AI SRE streaming replies | +| `contact:user.id:readonly` | Get user IDs by phone number or email for automatic linking and member invitation | + + +If the Feishu/Lark permission page asks you to configure contact field permissions, grant read access to basic user information so Flashduty can display sender names and match users. + ![2025-09-18-10-55-14](https://docs-cdn.flashcat.cloud/images/png/d919be62107f6b9d0c662f440d620e61.png) diff --git a/en/on-call/integration/instant-messaging/slack.mdx b/en/on-call/integration/instant-messaging/slack.mdx index 75219e6..e468560 100644 --- a/en/on-call/integration/instant-messaging/slack.mdx +++ b/en/on-call/integration/instant-messaging/slack.mdx @@ -33,6 +33,29 @@ After completing the previous steps, in the Flashduty On-call integration config To enable AI-generated post-mortem with war room chat history, the app requires additional `channels:history` permission. For existing Slack integrations, you need to manually re-authorize to grant this permission. +### Required permissions + +When you enable War Room or use AI SRE, the Slack app needs the following permissions. Flashduty checks part of the permission set when you enable War Room. If the page shows missing permissions, click **Re-authorize**. + +| Permission | Purpose | +| :--- | :--- | +| `chat:write` | Send alert notifications, War Room messages, AI SRE replies, and streaming message updates | +| `app_mentions:read` | Receive AI SRE messages that mention @Flashduty in channels | +| `im:history` | Receive and read direct messages with the Flashduty Bot | +| `channels:history` | Read public channel history for AI SRE context and AI-generated post-mortem reports | +| `groups:history` | Read private channel history; required when War Rooms are created as private channels | +| `channels:manage` | Create and manage War Room channels | +| `groups:write` or equivalent private-channel management permission | Create, invite members to, or archive private War Room channels | +| `channels:read` / `groups:read` | Read channel metadata and War Room details | +| `users:read` | Read basic Slack user information | +| `users:read.email` | Match and automatically link Slack users by email | +| `reactions:write` | Add or remove confirmation reactions while AI SRE processes messages | +| `files:read` | Download images or files sent to AI SRE in conversations | + + +If you use the official Flashduty Slack app, you only need to complete authorization or re-authorization from the Flashduty page. Review the permission list item by item only when you use a self-managed Slack app or need an internal app permission review. + + ## 3. Linked Users In the **Linked Users** tab of the integration detail page, you can view the linking status between team members and Slack accounts, and quickly complete batch linking. diff --git a/en/on-call/integration/instant-messaging/wecom.mdx b/en/on-call/integration/instant-messaging/wecom.mdx index a7f08a9..7a99860 100644 --- a/en/on-call/integration/instant-messaging/wecom.mdx +++ b/en/on-call/integration/instant-messaging/wecom.mdx @@ -105,6 +105,18 @@ After frontend trusted domain verification passes, configure the generated **Hom ![2025-10-14-20-26-45](https://docs-cdn.flashcat.cloud/images/png/fe3b2b788dda5d331148ba0946631b91.png) +### Configure the AI SRE smart bot + +If you need AI SRE conversations in WeCom, configure a WeCom smart bot separately and fill its credentials in the Flashduty On-call WeCom integration. + +1. Create or open the smart bot used for AI SRE in the WeCom Admin Console. +2. Configure the bot callback URL. Use the smart bot callback URL shown on the Flashduty On-call integration details page. +3. Copy the smart bot `Token` and `EncodingAESKey`, then fill them in the smart bot fields of the Flashduty On-call integration configuration. + + +The WeCom custom app and the smart bot are two different capability sets. War Room creation, member invitation, and the initial AI SRE analysis in a War Room rely on the custom app. Normal AI SRE @bot conversations, streaming replies, and media decryption rely on the smart bot Token and EncodingAESKey. + + ## 3. Configure War Room @@ -113,6 +125,14 @@ War Room functionality is only supported in **Custom App Integration** mode. After completing previous steps, in the Flashduty On-call integration configuration page's **Enhanced Features** section, check **Enable War Room** to activate this feature—no additional configuration needed. + +Make sure the custom app **Visibility** covers all members who may be invited to War Rooms. WeCom does not provide a Slack-like or Feishu/Lark-like per-scope list. War Room creation, member invitation, and message delivery mainly depend on app visibility, basic API permissions, contact authorization, and callback configuration. + + + +When you dismiss a War Room in Flashduty On-call, Flashduty does not automatically delete the group chat already created in WeCom. If you need to clean up the WeCom group chat, handle it in WeCom manually. + + Only one IM integration can have War Room enabled at a time. If you've already enabled War Room in another IM integration (such as Dingtalk, Feishu/Lark, or Slack), you need to disable it there first before enabling it in the current WeCom integration. diff --git a/zh/on-call/advanced/war-room.mdx b/zh/on-call/advanced/war-room.mdx index c9410d0..18b264d 100644 --- a/zh/on-call/advanced/war-room.mdx +++ b/zh/on-call/advanced/war-room.mdx @@ -178,5 +178,16 @@ Flashduty On-call 作战室(War Room)是专为故障应急响应设计的自 -为了获取更完整的故障全生命周期上下文,AI 生成复盘报告需要读取作战室聊天记录。请确保您的 IM 集成已授予相应权限 —— 详见[飞书](/zh/on-call/integration/instant-messaging/lark)或 [Slack](/zh/on-call/integration/instant-messaging/slack) 集成指南。 - \ No newline at end of file +为了获取更完整的故障全生命周期上下文,AI SRE 和 AI 生成复盘报告需要读取作战室聊天记录或接收 IM 机器人消息。请确保您的 IM 集成已授予对应平台所需的权限。 + + +### IM 平台权限前置条件 + +不同 IM 平台对作战室和 AI SRE 的开放能力要求不同。开启前,请先按对应集成指南完成权限、机器人能力和回调配置。 + +| 平台 | 关键前置条件 | +| :--- | :--- | +| [飞书/Lark](/zh/on-call/integration/instant-messaging/lark) | 授予消息、群组、群历史、资源和 CardKit 权限,并订阅消息事件与卡片回调 | +| [钉钉](/zh/on-call/integration/instant-messaging/dingtalk) | 授予群管理、机器人发消息、群信息读取和手机号找人权限,并配置应用机器人、群机器人和群模板 | +| [企业微信](/zh/on-call/integration/instant-messaging/wecom) | 使用企业自建应用开启作战室,并确保应用可见范围、基础接口权限、通讯录授权和智能机器人凭据已配置 | +| [Slack](/zh/on-call/integration/instant-messaging/slack) | 完成 Slack 授权或重新授权,确保应用具备消息发送、事件接收、频道历史、私有频道管理、用户信息、表情和文件读取权限 | diff --git a/zh/on-call/integration/alert-integration/alert-sources/http-pull.mdx b/zh/on-call/integration/alert-integration/alert-sources/http-pull.mdx index e93d861..aa2a506 100644 --- a/zh/on-call/integration/alert-integration/alert-sources/http-pull.mdx +++ b/zh/on-call/integration/alert-integration/alert-sources/http-pull.mdx @@ -4,7 +4,7 @@ description: "Flashduty 主动按周期访问外部 HTTP 接口,将返回的 keywords: ["告警集成", "HTTP Pull", "拉取", "轮询", "Polling", "数据接入"] --- -通过配置一个 HTTP 端点,Flashduty 会按照您设定的周期主动发起请求,将响应解析为符合 [标准告警事件](/zh/on-call/integration/alert-integration/alert-sources/standard%20alert) 协议的事件并写入告警通道。整个过程不需要您的系统具备推送能力,只要能对外暴露一个可读的告警查询接口即可。 +通过配置一个 HTTP 端点,Flashduty 会按照您设定的周期主动发起请求,将响应解析为符合 [标准告警事件](/zh/on-call/integration/alert-integration/alert-sources/standard alert) 协议的事件并写入告警通道。整个过程不需要您的系统具备推送能力,只要能对外暴露一个可读的告警查询接口即可。 HTTP 拉取适合 **无法主动 webhook**、**接口本身就是查询型** 或 **不希望对告警源做改造** 的场景。如果您的系统已经支持 webhook 推送,优先使用对应的推送式集成(Prometheus、Zabbix 等),延迟更低、资源开销更小。 @@ -72,7 +72,7 @@ HTTP 拉取适合 **无法主动 webhook**、**接口本身就是查询型** 或 ### 响应格式 -接口响应必须符合 Flashduty 的 [标准告警事件](/zh/on-call/integration/alert-integration/alert-sources/standard%20alert) 协议(`response_mode = standard`),核心字段包括 `event_status`、`title_rule`、`alert_key`、`description`、`labels` 等。请直接参考标准告警事件文档了解每个字段的语义与长度限制。 +接口响应必须符合 Flashduty 的 [标准告警事件](/zh/on-call/integration/alert-integration/alert-sources/standard alert) 协议(`response_mode = standard`),核心字段包括 `event_status`、`title_rule`、`alert_key`、`description`、`labels` 等。请直接参考标准告警事件文档了解每个字段的语义与长度限制。 启用分页时,您的响应需要在标准事件载荷之外,额外暴露一个用于提取下一页游标的字段,路径由 **游标路径** 指定。常见的形态如下: diff --git a/zh/on-call/integration/instant-messaging/dingtalk.mdx b/zh/on-call/integration/instant-messaging/dingtalk.mdx index c4cef40..20bdf4f 100644 --- a/zh/on-call/integration/instant-messaging/dingtalk.mdx +++ b/zh/on-call/integration/instant-messaging/dingtalk.mdx @@ -92,8 +92,10 @@ keywords: ["钉钉", "即时消息", "告警通知", "IM集成", "钉钉机器 进入 开发配置 → **权限管理** 页面,为先前步骤创建的群应用申请以下权限: -- `qyapi_chat_manage`:获取群聊信息 -- `qyapi_robot_sendmsg`:向群聊或个人发送消息 +| 权限 | 用途 | +| :--- | :--- | +| `qyapi_chat_manage` | 创建或管理群聊、场景群和群成员 | +| `qyapi_robot_sendmsg` | 向群聊或个人发送消息,发送和更新 AI SRE 卡片消息 | ![2025-09-18-15-20-36](https://docs-cdn.flashcat.cloud/images/png/4417440194002a011e2feca5fa5c9469.png) @@ -109,9 +111,16 @@ keywords: ["钉钉", "即时消息", "告警通知", "IM集成", "钉钉机器 进入 开发配置 → **权限管理** 页面,为先前步骤创建的群应用申请以下权限: -- `qyapi_chat_read`:获取群聊信息 -- `qyapi_chat_base_read`:获取群聊信息 -- `qyapi_get_member_by_mobile`:允许当前应用根据手机号获取钉钉用户以便邀请用户加入群聊 +| 权限 | 用途 | +| :--- | :--- | +| `qyapi_chat_read` | 查询群聊信息和场景群信息 | +| `qyapi_chat_base_read` | 查询群聊基础信息、二维码等基础数据 | +| `qyapi_get_member_by_mobile` | 根据手机号获取钉钉用户,以便自动关联成员并邀请用户加入作战室 | +| `qyapi_robot_sendmsg` | 作战室创建后发送初始 AI SRE 分析,并通过机器人消息回复 AI SRE 会话 | + + +钉钉当前没有稳定的接口可供 Flashduty 自动读取应用已授权权限。请在钉钉开放平台中人工确认以上权限、应用机器人、群机器人、群模板、`模板 ID` 和 `机器人 ID` 都已配置完成。 + ![2025-09-18-15-21-28](https://docs-cdn.flashcat.cloud/images/png/39142395390ce09726e3a95991549116.png) diff --git a/zh/on-call/integration/instant-messaging/lark.mdx b/zh/on-call/integration/instant-messaging/lark.mdx index 937748d..80f8445 100644 --- a/zh/on-call/integration/instant-messaging/lark.mdx +++ b/zh/on-call/integration/instant-messaging/lark.mdx @@ -87,10 +87,21 @@ keywords: ["飞书", "Lark", "即时消息", "告警通知", "IM集成"] 进入 **权限管理** 页面,为先前步骤创建的群应用申请以下权限: -- `im:chat`:获取与更新群组信息 -- `im:message`:获取与发送单聊、群组消息 -- `contact:user.id:readonly`:通过手机号或邮箱获取用户 ID -- `im:message.group_msg`:读取群聊历史消息(AI 生成复盘报告需要读取作战室聊天记录) + + +| 权限 | 用途 | +| :--- | :--- | +| `im:chat` | 创建和管理作战室群、获取群信息、添加群成员 | +| `im:message` | 获取和发送单聊、群组消息 | +| `im:message:send_as_bot` | 以机器人身份发送 AI SRE 回复和作战室消息 | +| `im:message.group_msg` | 读取群聊历史消息;AI SRE 上下文和 AI 生成复盘报告需要该权限 | +| `im:resource` 或 `im:resource:upload` | 上传和下载消息中的图片、文件等资源 | +| `cardkit:card:write` | 创建和更新 CardKit 卡片,用于 AI SRE 流式回复 | +| `contact:user.id:readonly` | 通过手机号或邮箱获取用户 ID,用于自动关联和邀请成员 | + + +如果飞书/Lark 权限页面要求配置通讯录字段权限,请授予读取用户基础信息的权限,以便 Flashduty 显示发送者名称并完成用户匹配。 + ![2025-09-18-10-55-14](https://docs-cdn.flashcat.cloud/images/png/d919be62107f6b9d0c662f440d620e61.png) diff --git a/zh/on-call/integration/instant-messaging/slack.mdx b/zh/on-call/integration/instant-messaging/slack.mdx index 23ce70c..745dc7a 100644 --- a/zh/on-call/integration/instant-messaging/slack.mdx +++ b/zh/on-call/integration/instant-messaging/slack.mdx @@ -34,6 +34,29 @@ keywords: ["Slack", "即时消息", "告警通知", "IM集成", "协作工具"] 若需启用 AI 生成复盘报告(读取作战室聊天记录),应用需要额外的 `channels:history` 权限。对于已授权的 Slack 集成,您需要手动重新授权以获取该权限。 +### 权限说明 + +开启作战室或使用 AI SRE 时,Slack 应用需要具备以下权限。Flashduty 会在开启作战室时自动检查部分权限;如果页面提示缺少权限,请点击 **重新授权**。 + +| 权限 | 用途 | +| :--- | :--- | +| `chat:write` | 发送告警通知、作战室消息、AI SRE 回复,并更新流式回复消息 | +| `app_mentions:read` | 接收频道中 @Flashduty 的 AI SRE 消息 | +| `im:history` | 接收并读取与 Flashduty Bot 的私聊消息 | +| `channels:history` | 读取公开频道历史,用于 AI SRE 上下文和 AI 生成复盘报告 | +| `groups:history` | 读取私有频道历史;作战室创建的是私有频道时需要该权限 | +| `channels:manage` | 创建和管理作战室频道 | +| `groups:write` 或等价的私有频道管理权限 | 创建、邀请成员或归档私有作战室频道 | +| `channels:read` / `groups:read` | 读取频道基础信息和作战室详情 | +| `users:read` | 读取 Slack 用户基础信息 | +| `users:read.email` | 通过邮箱匹配并自动关联 Slack 用户 | +| `reactions:write` | AI SRE 处理消息时添加或移除确认表情 | +| `files:read` | 下载用户在对话中发送给 AI SRE 的图片或文件 | + + +如果您使用的是 Flashduty 官方 Slack 应用,只需按页面提示完成授权或重新授权。仅在使用自建 Slack 应用或内部审核应用权限时,才需要逐项核对以上权限。 + + ## 三、关联用户 在集成详情页的 **关联用户** 页签中,你可以查看团队成员与 Slack 账号的关联状态,并快速完成批量关联。 diff --git a/zh/on-call/integration/instant-messaging/wecom.mdx b/zh/on-call/integration/instant-messaging/wecom.mdx index 88e300c..8fbe0b0 100644 --- a/zh/on-call/integration/instant-messaging/wecom.mdx +++ b/zh/on-call/integration/instant-messaging/wecom.mdx @@ -106,6 +106,18 @@ Flashduty 作为企业微信服务商,为您提供 Flashduty 应用的长期 ![2025-10-14-20-26-45](https://docs-cdn.flashcat.cloud/images/png/fe3b2b788dda5d331148ba0946631b91.png) +### 配置 AI SRE 智能机器人 + +如果需要在企业微信中使用 AI SRE 对话能力,请额外配置企业微信智能机器人,并将机器人凭据填写到 Flashduty On-call 企业微信集成中。 + +1. 在企业微信管理后台创建或进入用于 AI SRE 的智能机器人。 +2. 配置机器人回调地址。回调地址请使用 Flashduty On-call 集成详情页展示的智能机器人回调地址。 +3. 复制智能机器人的 `Token` 和 `EncodingAESKey`,并填写到 Flashduty On-call 集成配置中的智能机器人相关字段。 + + +企业微信自建应用和智能机器人是两套不同的能力。作战室建群、加人和作战室内初始 AI SRE 分析依赖自建应用;普通 AI SRE @机器人对话、流式回复和媒体解密依赖智能机器人 Token 与 EncodingAESKey。 + + ## 三、配置作战室 @@ -114,6 +126,14 @@ Flashduty 作为企业微信服务商,为您提供 Flashduty 应用的长期 完成先前步骤后,在 Flashduty On-call 集成配置页面的 **增强功能** 模块,勾选 **开启作战室** 即可启用该功能,无需额外配置。 + +请确认自建应用的 **可见范围** 覆盖所有可能被拉入作战室的成员。企业微信没有类似 Slack 或飞书的逐项 scope 列表,作战室能否创建、加人和发送消息主要取决于应用可见范围、基础接口权限、通讯录授权和回调配置。 + + + +在 Flashduty On-call 中解散作战室时,不会自动删除企业微信中已经创建的群聊。如需清理企业微信侧群聊,请在企业微信中手动处理。 + + 同一时间仅支持在一个 IM 集成中开启作战室功能。如果你已在其他 IM 集成(如钉钉、飞书、Slack)中启用了作战室,需要先在该集成中关闭后,才能在当前企业微信集成中开启。 @@ -196,4 +216,4 @@ Mac 桌面端默认使用企业微信的内置浏览器打开链接。您可以 请确认**应用主页**的 URL 中的 `redirect_uri` 参数中的域名是否完成企业微信要求的域名归属认证,详见企业微信官方文档 [《企业内部开发配置域名指引》](https://open.work.weixin.qq.com/wwopen/common/readDocument/40754)。 - \ No newline at end of file + From 9688fdfccd12fe75655978717a158ffa76f95254 Mon Sep 17 00:00:00 2001 From: debidong <1953531014@qq.com> Date: Wed, 3 Jun 2026 17:08:20 +0800 Subject: [PATCH 2/3] docs: clarify AI SRE IM permission supersets --- .../instant-messaging/dingtalk.mdx | 41 ++++++++------- .../integration/instant-messaging/lark.mdx | 44 +++++++++------- .../integration/instant-messaging/slack.mdx | 52 +++++++++---------- .../integration/instant-messaging/wecom.mdx | 18 ++++++- .../instant-messaging/dingtalk.mdx | 41 ++++++++------- .../integration/instant-messaging/lark.mdx | 44 +++++++++------- .../integration/instant-messaging/slack.mdx | 52 +++++++++---------- .../integration/instant-messaging/wecom.mdx | 18 ++++++- 8 files changed, 182 insertions(+), 128 deletions(-) diff --git a/en/on-call/integration/instant-messaging/dingtalk.mdx b/en/on-call/integration/instant-messaging/dingtalk.mdx index dd30d42..6bb0cc4 100644 --- a/en/on-call/integration/instant-messaging/dingtalk.mdx +++ b/en/on-call/integration/instant-messaging/dingtalk.mdx @@ -9,6 +9,25 @@ description: "By integrating a Dingtalk custom app, you can receive and respond This documentation uses the new version of Dingtalk Open Platform as an example. + + + +## AI SRE Required Permissions + +The following list is the full superset of permissions required when the Dingtalk IM integration uses AI SRE, including basic notifications, War Room, AI SRE conversations, and AI-generated post-mortem reports. In Dingtalk Open Platform, go to Development Configuration → **Permission Management** and request each official permission name below. + +| Official permission name | Purpose | +| :--- | :--- | +| `qyapi_chat_manage` | Create or manage group chats, scene groups, and group members | +| `qyapi_robot_sendmsg` | Send messages to group chats or individuals, send or update AI SRE card messages, and send the initial AI SRE analysis in War Rooms | +| `qyapi_chat_read` | Query group chat and scene group information | +| `qyapi_chat_base_read` | Query basic group chat information, QR codes, and related metadata | +| `qyapi_get_member_by_mobile` | Get Dingtalk users by phone number for automatic linking and War Room member invitation | + + +Dingtalk does not currently provide a stable API for Flashduty to read all granted app permissions. Manually confirm that all permissions above are granted in Dingtalk Open Platform. + + ## 1. Create Dingtalk App and Add Dingtalk Integration ### 1. Create Custom App @@ -89,12 +108,7 @@ Configure **App Homepage URL** and **PC Homepage URL** using the `App Homepage U ### 9. Request App Permissions -Go to Development Configuration → **Permission Management** page, request the following permissions for the group app created in previous steps: - -| Permission | Purpose | -| :--- | :--- | -| `qyapi_chat_manage` | Create or manage group chats, scene groups, and group members | -| `qyapi_robot_sendmsg` | Send messages to group chats or individuals, and send or update AI SRE card messages | +Go to the Development Configuration → **Permission Management** page and request all permissions listed in [AI SRE Required Permissions](#aisre-permissions) for the app created in previous steps. ![2025-09-18-15-20-36](https://docs-cdn.flashcat.cloud/images/png/4417440194002a011e2feca5fa5c9469.png) @@ -104,21 +118,12 @@ Go to Development Configuration → **Permission Management** page, request the If you don't need War Room functionality, skip this step and proceed directly to [**App Publishing and Usage**](#publish). - - ### 1. Request App Permissions -Go to Development Configuration → **Permission Management** page, request the following permissions for the group app created in previous steps: - -| Permission | Purpose | -| :--- | :--- | -| `qyapi_chat_read` | Query group chat and scene group information | -| `qyapi_chat_base_read` | Query basic group chat information, QR codes, and related metadata | -| `qyapi_get_member_by_mobile` | Get Dingtalk users by phone number for automatic linking and War Room member invitation | -| `qyapi_robot_sendmsg` | Send the initial AI SRE analysis after War Room creation and reply to AI SRE conversations through the bot | +If you did not grant all permissions during the basic configuration steps, go to Development Configuration → **Permission Management** and add every permission listed in [AI SRE Required Permissions](#aisre-permissions). -Dingtalk does not currently provide a stable API for Flashduty to read all granted app permissions. Manually confirm that these permissions, the app bot, the group bot, the group template, the `Template ID`, and the `Bot ID` are all configured in Dingtalk Open Platform. +Also confirm that the app bot, group bot, group template, `Template ID`, and `Bot ID` are all configured in Dingtalk Open Platform. ![2025-09-18-15-21-28](https://docs-cdn.flashcat.cloud/images/png/39142395390ce09726e3a95991549116.png) @@ -260,7 +265,7 @@ Go to Dingtalk → Workspace → Search app name → **Open App**, complete one -- Please check again if the app has been granted the [required permissions](#war-room-scope) for War Room functionality +- Check again that the app has been granted the [AI SRE required permissions](#aisre-permissions) listed at the beginning of this page - See the **FAQ** section in [War Room documentation](/en/on-call/advanced/war-room) diff --git a/en/on-call/integration/instant-messaging/lark.mdx b/en/on-call/integration/instant-messaging/lark.mdx index f01890b..17f474b 100644 --- a/en/on-call/integration/instant-messaging/lark.mdx +++ b/en/on-call/integration/instant-messaging/lark.mdx @@ -5,6 +5,28 @@ description: "By integrating a Feishu/Lark custom app, you can receive and respo **Plan requirement**: IM integration requires an On-call Pro or higher subscription. [Learn more](https://flashcat.cloud/flashduty/price/) + + + +## AI SRE Required Permissions + +The following list is the full superset of permissions required when the Feishu/Lark IM integration uses AI SRE, including basic notifications, War Room, AI SRE conversations, and AI-generated post-mortem reports. In the Feishu/Lark Open Platform **Permission Management** page, request each official permission name below. + +| Official permission name | Purpose | +| :--- | :--- | +| `im:chat` | Create and manage War Room chats, get chat information, and add chat members | +| `im:message` | Read and send direct and group messages | +| `im:message:send_as_bot` | Send AI SRE replies and War Room messages as the bot | +| `im:message:update` | Update messages sent by the app for AI SRE streaming replies | +| `im:message.group_msg` | Read group chat history; required for AI SRE context and AI-generated post-mortem reports | +| `im:message.reactions:read` | Query message reactions for AI SRE processing status confirmation | +| `im:message.reactions:write_only` | Add or delete message reactions for AI SRE processing status confirmation | +| `im:resource` | Upload and download images, files, and other message resources | +| `cardkit:card:write` | Create and update CardKit cards for AI SRE streaming replies | +| `contact:user.id:readonly` | Get user IDs by phone number or email for automatic linking and member invitation | +| `contact:contact.base:readonly` | Get basic contact information for reading user and department metadata | +| `contact:user.base:readonly` | Get basic user information for displaying sender names | +
{/* ## Video Introduction @@ -84,23 +106,7 @@ See Feishu/Lark development documentation [Configure Redirect URL](https://open. ### 3. Request App Permissions -Go to **Permission Management** page, request the following permissions for the group app created in previous steps: - - - -| Permission | Purpose | -| :--- | :--- | -| `im:chat` | Create and manage War Room chats, get chat information, and add chat members | -| `im:message` | Get and send direct and group messages | -| `im:message:send_as_bot` | Send AI SRE replies and War Room messages as the bot | -| `im:message.group_msg` | Read group chat history; required for AI SRE context and AI-generated post-mortem reports | -| `im:resource` or `im:resource:upload` | Upload and download images, files, and other message resources | -| `cardkit:card:write` | Create and update CardKit cards for AI SRE streaming replies | -| `contact:user.id:readonly` | Get user IDs by phone number or email for automatic linking and member invitation | - - -If the Feishu/Lark permission page asks you to configure contact field permissions, grant read access to basic user information so Flashduty can display sender names and match users. - +Go to the **Permission Management** page and request all permissions listed in [AI SRE Required Permissions](#aisre-permissions) for the app created in previous steps. ![2025-09-18-10-55-14](https://docs-cdn.flashcat.cloud/images/png/d919be62107f6b9d0c662f440d620e61.png) @@ -130,7 +136,7 @@ Feishu/Lark → Workspace → Search app name → **Open App** ## 5. Configure War Room -> Ensure the app has been granted the [additional permissions](#war-room-scope) required for War Room functionality. +> Ensure the app has been granted the [AI SRE required permissions](#aisre-permissions) listed at the beginning of this page. After completing the previous steps, in the Flashduty On-call integration configuration page's **Enhanced Features** section, check **Enable War Room** to activate this feature—no additional configuration needed. @@ -204,7 +210,7 @@ After exceeding API call limits, Feishu/Lark app cannot deliver messages properl -- Please check again if the app has been granted the [required permissions](#war-room-scope) for War Room functionality +- Check again that the app has been granted the [AI SRE required permissions](#aisre-permissions) listed at the beginning of this page - See the **FAQ** section in [War Room documentation](/en/on-call/advanced/war-room) diff --git a/en/on-call/integration/instant-messaging/slack.mdx b/en/on-call/integration/instant-messaging/slack.mdx index e468560..c905452 100644 --- a/en/on-call/integration/instant-messaging/slack.mdx +++ b/en/on-call/integration/instant-messaging/slack.mdx @@ -5,6 +5,29 @@ description: "By integrating the Slack third-party app, you can receive and resp **Plan requirement**: IM integration requires an On-call Pro or higher subscription. [Learn more](https://flashcat.cloud/flashduty/price/) + + +## AI SRE Required Permissions + +The following list is the full superset of permissions required when the Slack IM integration uses AI SRE, including basic notifications, War Room, AI SRE conversations, and AI-generated post-mortem reports. If you use the official Flashduty Slack app, complete authorization or re-authorization from the Flashduty page. If you use a self-managed Slack app, confirm each Bot Token Scope in Slack OAuth & Permissions. + +| Official permission name | Purpose | +| :--- | :--- | +| `chat:write` | Send alert notifications, War Room messages, AI SRE replies, and streaming message updates | +| `app_mentions:read` | Receive AI SRE messages that mention @Flashduty in channels | +| `im:history` | Receive and read direct messages with the Flashduty Bot | +| `channels:history` | Read public channel history for AI SRE context and AI-generated post-mortem reports | +| `groups:history` | Read private channel history; required when War Rooms are created as private channels | +| `channels:manage` | Create and manage public channels | +| `groups:write` | Create and manage private channels | +| `groups:write.invites` | Invite members to private War Room channels | +| `channels:read` | Read public channel metadata | +| `groups:read` | Read private channel metadata and War Room details | +| `users:read` | Read basic Slack user information | +| `users:read.email` | Match and automatically link Slack users by email | +| `reactions:write` | Add or remove confirmation reactions while AI SRE processes messages | +| `files:read` | Download images or files sent to AI SRE in conversations | + ## 1. Install App @@ -30,30 +53,7 @@ Enter data source name, click **Save**. After completing the previous steps, in the Flashduty On-call integration configuration page's **Enhanced Features** section, check **Enable War Room** to activate this feature—no additional configuration needed. -To enable AI-generated post-mortem with war room chat history, the app requires additional `channels:history` permission. For existing Slack integrations, you need to manually re-authorize to grant this permission. - - -### Required permissions - -When you enable War Room or use AI SRE, the Slack app needs the following permissions. Flashduty checks part of the permission set when you enable War Room. If the page shows missing permissions, click **Re-authorize**. - -| Permission | Purpose | -| :--- | :--- | -| `chat:write` | Send alert notifications, War Room messages, AI SRE replies, and streaming message updates | -| `app_mentions:read` | Receive AI SRE messages that mention @Flashduty in channels | -| `im:history` | Receive and read direct messages with the Flashduty Bot | -| `channels:history` | Read public channel history for AI SRE context and AI-generated post-mortem reports | -| `groups:history` | Read private channel history; required when War Rooms are created as private channels | -| `channels:manage` | Create and manage War Room channels | -| `groups:write` or equivalent private-channel management permission | Create, invite members to, or archive private War Room channels | -| `channels:read` / `groups:read` | Read channel metadata and War Room details | -| `users:read` | Read basic Slack user information | -| `users:read.email` | Match and automatically link Slack users by email | -| `reactions:write` | Add or remove confirmation reactions while AI SRE processes messages | -| `files:read` | Download images or files sent to AI SRE in conversations | - - -If you use the official Flashduty Slack app, you only need to complete authorization or re-authorization from the Flashduty page. Review the permission list item by item only when you use a self-managed Slack app or need an internal app permission review. +If your Slack integration was authorized before War Room or AI SRE was released, first confirm that the [AI SRE required permissions](#aisre-permissions) have been added through re-authorization. ## 3. Linked Users @@ -86,7 +86,7 @@ The system can only push Slack message notifications after members complete link - Only one IM integration can have War Room enabled at a time. If you have already enabled War Room in another IM integration (such as Dingtalk, Feishu/Lark, or WeCom), you need to disable it there first before enabling it in the current Slack integration - When enabling War Room, the system automatically verifies whether the current Slack app has all required permissions. If missing permissions are detected, a warning message appears on the page with a **Re-authorize** link -- Click the **Re-authorize** link to be redirected to the Slack authorization page, which requests additional permissions needed for War Room functionality (including channel management, message read/write, user info reading, etc.). After completing authorization, the page automatically returns to Flashduty +- Click the **Re-authorize** link to be redirected to the Slack authorization page, which requests the AI SRE required permissions listed at the beginning of this page (including channel management, message read/write, user info reading, etc.). After completing authorization, the page automatically returns to Flashduty - If your Slack integration was authorized before the War Room feature was released, you will typically need to re-authorize on first use to add the new permissions. Re-authorization does not affect your existing integration configuration or user associations @@ -126,7 +126,7 @@ Please try again. If the error persists after retry, please contact customer ser -- For previously authorized Slack IM integrations, you need to manually re-authorize Slack in the Flashduty On-call integration configuration page for the app to obtain additional permissions required for War Room functionality +- For previously authorized Slack IM integrations, manually re-authorize Slack in the Flashduty On-call integration configuration page so the app obtains the [AI SRE required permissions](#aisre-permissions) listed at the beginning of this page - See the **FAQ** section in [War Room documentation](/en/on-call/advanced/war-room) diff --git a/en/on-call/integration/instant-messaging/wecom.mdx b/en/on-call/integration/instant-messaging/wecom.mdx index 7a99860..09a79a0 100644 --- a/en/on-call/integration/instant-messaging/wecom.mdx +++ b/en/on-call/integration/instant-messaging/wecom.mdx @@ -5,6 +5,22 @@ description: "By integrating a WeCom third-party app, you can receive and respon **Plan requirement**: IM integration requires an On-call Pro or higher subscription. [Learn more](https://flashcat.cloud/flashduty/price/) + + +## AI SRE Required Permissions and Capabilities + +WeCom does not provide per-item OAuth scope names like Slack or Feishu/Lark. The following list is the full superset of permissions and capabilities that must be enabled or configured in WeCom Admin Console when the WeCom IM integration uses AI SRE, including basic notifications, War Room, AI SRE conversations, and AI-generated post-mortem reports. Names below use WeCom console or official API names. + +| WeCom official name | Purpose | +| :--- | :--- | +| `企业自建应用` | Custom app required for AI SRE War Room creation, member invitation, and the initial AI SRE analysis in War Rooms | +| `应用可见范围` | App visibility must cover all members who may receive notifications, link accounts, or be invited to War Rooms | +| `基础接口权限` | Basic API permissions allow the custom app to call app message and app chat APIs | +| `通讯录基本信息只读` | Reads basic member information and resolves WeCom `userid` by phone number or email | +| `接收消息` | Enables the custom app to receive callbacks, card events, and message events | +| `API 接收` | Configures the callback URL, Token, and EncodingAESKey for callback verification/decryption | +| `智能机器人` | Smart bot supports regular AI SRE @bot conversations, streaming replies, and media decryption | + This documentation supports [Third-Party App Integration](#third-party) or [Custom App Integration](#self) methods.
@@ -126,7 +142,7 @@ War Room functionality is only supported in **Custom App Integration** mode. After completing previous steps, in the Flashduty On-call integration configuration page's **Enhanced Features** section, check **Enable War Room** to activate this feature—no additional configuration needed. -Make sure the custom app **Visibility** covers all members who may be invited to War Rooms. WeCom does not provide a Slack-like or Feishu/Lark-like per-scope list. War Room creation, member invitation, and message delivery mainly depend on app visibility, basic API permissions, contact authorization, and callback configuration. +If War Room creation, member invitation, or message delivery does not work as expected, first check the custom app, visibility, basic API permissions, contact permissions, and callback configuration listed in [AI SRE Required Permissions and Capabilities](#aisre-permissions). diff --git a/zh/on-call/integration/instant-messaging/dingtalk.mdx b/zh/on-call/integration/instant-messaging/dingtalk.mdx index 20bdf4f..ad0f544 100644 --- a/zh/on-call/integration/instant-messaging/dingtalk.mdx +++ b/zh/on-call/integration/instant-messaging/dingtalk.mdx @@ -10,6 +10,25 @@ keywords: ["钉钉", "即时消息", "告警通知", "IM集成", "钉钉机器 本文档以钉钉开放平台新版为例。 + + + +## AISRE 所需权限 + +以下为钉钉 IM 集成在开启 AISRE(包含基础通知、作战室、AI SRE 对话和 AI 生成复盘)时需要授予的完整超集权限。进入钉钉开放平台 开发配置 → **权限管理** 页面时,请逐项申请以下官方权限名称。 + +| 官方权限名称 | 用途 | +| :--- | :--- | +| `qyapi_chat_manage` | 创建或管理群聊、场景群和群成员 | +| `qyapi_robot_sendmsg` | 向群聊或个人发送消息,发送和更新 AI SRE 卡片消息,并发送作战室初始 AI SRE 分析 | +| `qyapi_chat_read` | 查询群聊信息和场景群信息 | +| `qyapi_chat_base_read` | 查询群聊基础信息、二维码等基础数据 | +| `qyapi_get_member_by_mobile` | 根据手机号获取钉钉用户,以便自动关联成员并邀请用户加入作战室 | + + +钉钉当前没有稳定的接口可供 Flashduty 自动读取应用已授权权限。请在钉钉开放平台中人工确认以上权限已全部开通。 + + ## 一、创建钉钉应用与添加钉钉集成 ### 1. 创建自建应用 @@ -90,12 +109,7 @@ keywords: ["钉钉", "即时消息", "告警通知", "IM集成", "钉钉机器 ### 9. 申请应用权限 -进入 开发配置 → **权限管理** 页面,为先前步骤创建的群应用申请以下权限: - -| 权限 | 用途 | -| :--- | :--- | -| `qyapi_chat_manage` | 创建或管理群聊、场景群和群成员 | -| `qyapi_robot_sendmsg` | 向群聊或个人发送消息,发送和更新 AI SRE 卡片消息 | +进入 开发配置 → **权限管理** 页面,为先前步骤创建的群应用申请页面开头 [AISRE 所需权限](#aisre-permissions) 中列出的全部权限。 ![2025-09-18-15-20-36](https://docs-cdn.flashcat.cloud/images/png/4417440194002a011e2feca5fa5c9469.png) @@ -105,21 +119,12 @@ keywords: ["钉钉", "即时消息", "告警通知", "IM集成", "钉钉机器 若您无需配置作战室功能,可跳过本步骤,直接进入 [**应用发布与使用**](#publish)。 - - ### 1. 申请应用权限 -进入 开发配置 → **权限管理** 页面,为先前步骤创建的群应用申请以下权限: - -| 权限 | 用途 | -| :--- | :--- | -| `qyapi_chat_read` | 查询群聊信息和场景群信息 | -| `qyapi_chat_base_read` | 查询群聊基础信息、二维码等基础数据 | -| `qyapi_get_member_by_mobile` | 根据手机号获取钉钉用户,以便自动关联成员并邀请用户加入作战室 | -| `qyapi_robot_sendmsg` | 作战室创建后发送初始 AI SRE 分析,并通过机器人消息回复 AI SRE 会话 | +若在前面的基础配置阶段尚未完成授权,请进入 开发配置 → **权限管理** 页面,按页面开头 [AISRE 所需权限](#aisre-permissions) 补齐全部权限。 -钉钉当前没有稳定的接口可供 Flashduty 自动读取应用已授权权限。请在钉钉开放平台中人工确认以上权限、应用机器人、群机器人、群模板、`模板 ID` 和 `机器人 ID` 都已配置完成。 +请同时确认应用机器人、群机器人、群模板、`模板 ID` 和 `机器人 ID` 都已配置完成。 ![2025-09-18-15-21-28](https://docs-cdn.flashcat.cloud/images/png/39142395390ce09726e3a95991549116.png) @@ -261,7 +266,7 @@ keywords: ["钉钉", "即时消息", "告警通知", "IM集成", "钉钉机器 -- 请再次检查是否为应用配置了作战室功能[所需权限](#war-room-scope) +- 请再次检查是否为应用配置了页面开头列出的 [AISRE 所需权限](#aisre-permissions) - 请参考 [作战室介绍文档](/zh/on-call/advanced/war-room) 的 **常见问题** 部分 diff --git a/zh/on-call/integration/instant-messaging/lark.mdx b/zh/on-call/integration/instant-messaging/lark.mdx index 80f8445..7684a0e 100644 --- a/zh/on-call/integration/instant-messaging/lark.mdx +++ b/zh/on-call/integration/instant-messaging/lark.mdx @@ -6,6 +6,28 @@ keywords: ["飞书", "Lark", "即时消息", "告警通知", "IM集成"] **版本要求**:IM 集成需要 On-call 专业版及以上订阅。[了解更多](https://flashcat.cloud/flashduty/price/) + + + +## AISRE 所需权限 + +以下为飞书/Lark IM 集成在开启 AISRE(包含基础通知、作战室、AI SRE 对话和 AI 生成复盘)时需要授予的完整超集权限。进入飞书/Lark 开放平台 **权限管理** 页面时,请逐项申请以下官方权限名称。 + +| 官方权限名称 | 用途 | +| :--- | :--- | +| `im:chat` | 创建和管理作战室群、获取群信息、添加群成员 | +| `im:message` | 读取和发送单聊、群组消息 | +| `im:message:send_as_bot` | 以机器人身份发送 AI SRE 回复和作战室消息 | +| `im:message:update` | 更新应用已发送的消息,用于 AI SRE 流式回复更新 | +| `im:message.group_msg` | 读取群聊历史消息;AI SRE 上下文和 AI 生成复盘报告需要该权限 | +| `im:message.reactions:read` | 查询消息表情反应,用于 AI SRE 处理状态确认 | +| `im:message.reactions:write_only` | 添加或删除消息表情反应,用于 AI SRE 处理状态确认 | +| `im:resource` | 上传和下载消息中的图片、文件等资源 | +| `cardkit:card:write` | 创建和更新 CardKit 卡片,用于 AI SRE 流式回复 | +| `contact:user.id:readonly` | 通过手机号或邮箱获取用户 ID,用于自动关联和邀请成员 | +| `contact:contact.base:readonly` | 获取通讯录基本信息,用于读取用户和部门基础资料 | +| `contact:user.base:readonly` | 获取用户基础信息,用于显示发送者名称 | +
{/* ## 视频介绍 @@ -85,23 +107,7 @@ keywords: ["飞书", "Lark", "即时消息", "告警通知", "IM集成"] ### 3. 申请应用权限 -进入 **权限管理** 页面,为先前步骤创建的群应用申请以下权限: - - - -| 权限 | 用途 | -| :--- | :--- | -| `im:chat` | 创建和管理作战室群、获取群信息、添加群成员 | -| `im:message` | 获取和发送单聊、群组消息 | -| `im:message:send_as_bot` | 以机器人身份发送 AI SRE 回复和作战室消息 | -| `im:message.group_msg` | 读取群聊历史消息;AI SRE 上下文和 AI 生成复盘报告需要该权限 | -| `im:resource` 或 `im:resource:upload` | 上传和下载消息中的图片、文件等资源 | -| `cardkit:card:write` | 创建和更新 CardKit 卡片,用于 AI SRE 流式回复 | -| `contact:user.id:readonly` | 通过手机号或邮箱获取用户 ID,用于自动关联和邀请成员 | - - -如果飞书/Lark 权限页面要求配置通讯录字段权限,请授予读取用户基础信息的权限,以便 Flashduty 显示发送者名称并完成用户匹配。 - +进入 **权限管理** 页面,为先前步骤创建的群应用申请页面开头 [AISRE 所需权限](#aisre-permissions) 中列出的全部权限。 ![2025-09-18-10-55-14](https://docs-cdn.flashcat.cloud/images/png/d919be62107f6b9d0c662f440d620e61.png) @@ -131,7 +137,7 @@ keywords: ["飞书", "Lark", "即时消息", "告警通知", "IM集成"] ## 五、配置作战室 -> 确保应用已被授权使用作战室功能所需的[额外权限](#war-room-scope)。 +> 确保应用已被授权使用页面开头列出的 [AISRE 所需权限](#aisre-permissions)。 完成先前步骤后,在 Flashduty On-call 集成配置页面的 **增强功能** 模块,勾选 **开启作战室** 即可启用该功能,无需额外配置。 @@ -205,7 +211,7 @@ keywords: ["飞书", "Lark", "即时消息", "告警通知", "IM集成"] -- 请再次检查是否为应用配置了作战室功能[所需权限](#war-room-scope) +- 请再次检查是否为应用配置了页面开头列出的 [AISRE 所需权限](#aisre-permissions) - 请参考 [作战室介绍文档](/zh/on-call/advanced/war-room) 的 **常见问题** 部分 diff --git a/zh/on-call/integration/instant-messaging/slack.mdx b/zh/on-call/integration/instant-messaging/slack.mdx index 745dc7a..e979c8a 100644 --- a/zh/on-call/integration/instant-messaging/slack.mdx +++ b/zh/on-call/integration/instant-messaging/slack.mdx @@ -6,6 +6,29 @@ keywords: ["Slack", "即时消息", "告警通知", "IM集成", "协作工具"] **版本要求**:IM 集成需要 On-call 专业版及以上订阅。[了解更多](https://flashcat.cloud/flashduty/price/) + + +## AISRE 所需权限 + +以下为 Slack IM 集成在开启 AISRE(包含基础通知、作战室、AI SRE 对话和 AI 生成复盘)时需要授予的完整超集权限。使用 Flashduty 官方 Slack 应用时,请按页面提示授权或重新授权;使用自建 Slack 应用时,请在 Slack OAuth & Permissions 中逐项确认以下 Bot Token Scopes。 + +| 官方权限名称 | 用途 | +| :--- | :--- | +| `chat:write` | 发送告警通知、作战室消息、AI SRE 回复,并更新流式回复消息 | +| `app_mentions:read` | 接收频道中 @Flashduty 的 AI SRE 消息 | +| `im:history` | 接收并读取与 Flashduty Bot 的私聊消息 | +| `channels:history` | 读取公开频道历史,用于 AI SRE 上下文和 AI 生成复盘报告 | +| `groups:history` | 读取私有频道历史;作战室创建的是私有频道时需要该权限 | +| `channels:manage` | 创建和管理公开频道 | +| `groups:write` | 创建和管理私有频道 | +| `groups:write.invites` | 邀请成员加入私有作战室频道 | +| `channels:read` | 读取公开频道基础信息 | +| `groups:read` | 读取私有频道基础信息和作战室详情 | +| `users:read` | 读取 Slack 用户基础信息 | +| `users:read.email` | 通过邮箱匹配并自动关联 Slack 用户 | +| `reactions:write` | AI SRE 处理消息时添加或移除确认表情 | +| `files:read` | 下载用户在对话中发送给 AI SRE 的图片或文件 | + ## 一、安装应用 @@ -31,30 +54,7 @@ keywords: ["Slack", "即时消息", "告警通知", "IM集成", "协作工具"] 完成先前步骤后,在 Flashduty On-call 集成配置页面的 **增强功能** 模块,勾选 **开启作战室** 即可启用该功能,无需额外配置。 -若需启用 AI 生成复盘报告(读取作战室聊天记录),应用需要额外的 `channels:history` 权限。对于已授权的 Slack 集成,您需要手动重新授权以获取该权限。 - - -### 权限说明 - -开启作战室或使用 AI SRE 时,Slack 应用需要具备以下权限。Flashduty 会在开启作战室时自动检查部分权限;如果页面提示缺少权限,请点击 **重新授权**。 - -| 权限 | 用途 | -| :--- | :--- | -| `chat:write` | 发送告警通知、作战室消息、AI SRE 回复,并更新流式回复消息 | -| `app_mentions:read` | 接收频道中 @Flashduty 的 AI SRE 消息 | -| `im:history` | 接收并读取与 Flashduty Bot 的私聊消息 | -| `channels:history` | 读取公开频道历史,用于 AI SRE 上下文和 AI 生成复盘报告 | -| `groups:history` | 读取私有频道历史;作战室创建的是私有频道时需要该权限 | -| `channels:manage` | 创建和管理作战室频道 | -| `groups:write` 或等价的私有频道管理权限 | 创建、邀请成员或归档私有作战室频道 | -| `channels:read` / `groups:read` | 读取频道基础信息和作战室详情 | -| `users:read` | 读取 Slack 用户基础信息 | -| `users:read.email` | 通过邮箱匹配并自动关联 Slack 用户 | -| `reactions:write` | AI SRE 处理消息时添加或移除确认表情 | -| `files:read` | 下载用户在对话中发送给 AI SRE 的图片或文件 | - - -如果您使用的是 Flashduty 官方 Slack 应用,只需按页面提示完成授权或重新授权。仅在使用自建 Slack 应用或内部审核应用权限时,才需要逐项核对以上权限。 +如果您的 Slack 集成是在作战室或 AISRE 功能上线之前完成授权的,请先确认页面开头的 [AISRE 所需权限](#aisre-permissions) 已通过重新授权补齐。 ## 三、关联用户 @@ -87,7 +87,7 @@ keywords: ["Slack", "即时消息", "告警通知", "IM集成", "协作工具"] - 同一时间仅支持在一个 IM 集成中开启作战室功能。如果您已在其他 IM 集成(如钉钉、飞书、企业微信)中启用了作战室,需要先在该集成中关闭后,才能在当前 Slack 集成中开启 - 开启作战室时,系统会自动验证当前 Slack 应用是否具备作战室所需的全部权限。如果检测到缺少必要权限,页面会显示一条警告提示,并提供 **重新授权** 链接 -- 点击 **重新授权** 链接后,系统会跳转到 Slack 授权页面,请求作战室功能所需的额外权限(包括频道管理、消息读写、用户信息读取等)。完成授权后,页面会自动返回 Flashduty +- 点击 **重新授权** 链接后,系统会跳转到 Slack 授权页面,请求页面开头列出的 AISRE 所需权限(包括频道管理、消息读写、用户信息读取等)。完成授权后,页面会自动返回 Flashduty - 如果您的 Slack 集成是在作战室功能上线之前完成授权的,首次开启时通常需要重新授权以补充新增权限。重新授权不会影响已有的集成配置和用户关联 @@ -127,7 +127,7 @@ keywords: ["Slack", "即时消息", "告警通知", "IM集成", "协作工具"] -- 对于之前授权的 Slack IM 集成,需要您在 Flashduty On-call 集成配置页中对 Slack 手动进行重新授权,以使应用获得作战室功能所需的额外权限 +- 对于之前授权的 Slack IM 集成,需要您在 Flashduty On-call 集成配置页中对 Slack 手动进行重新授权,以使应用获得页面开头列出的 [AISRE 所需权限](#aisre-permissions) - 请参考 [作战室介绍文档](/zh/on-call/advanced/war-room) 的 **常见问题** 部分 diff --git a/zh/on-call/integration/instant-messaging/wecom.mdx b/zh/on-call/integration/instant-messaging/wecom.mdx index 8fbe0b0..22a3a91 100644 --- a/zh/on-call/integration/instant-messaging/wecom.mdx +++ b/zh/on-call/integration/instant-messaging/wecom.mdx @@ -6,6 +6,22 @@ keywords: ["企业微信", "WeCom", "即时消息", "告警通知", "IM集成"] **版本要求**:IM 集成需要 On-call 专业版及以上订阅。[了解更多](https://flashcat.cloud/flashduty/price/) + + +## AISRE 所需权限和能力 + +企业微信没有类似 Slack、飞书/Lark 的逐项 OAuth scope 名称。以下为企业微信 IM 集成在开启 AISRE(包含基础通知、作战室、AI SRE 对话和 AI 生成复盘)时,需要在企业微信管理后台开通或配置的完整超集权限和能力;名称均使用企业微信后台或官方接口中的名称。 + +| 企业微信官方名称 | 用途 | +| :--- | :--- | +| `企业自建应用` | AISRE 作战室创建、邀请成员和作战室初始 AI SRE 分析必须使用自建应用模式 | +| `应用可见范围` | 需要覆盖所有可能接收通知、关联账号或被拉入作战室的成员 | +| `基础接口权限` | 允许自建应用调用应用消息、应用群聊等基础接口 | +| `通讯录基本信息只读` | 读取成员基础信息,并按手机号或邮箱解析企业微信 `userid` | +| `接收消息` | 开启自建应用接收回调、卡片事件和消息事件的能力 | +| `API 接收` | 配置回调地址、Token 和 EncodingAESKey,并完成回调校验解密 | +| `智能机器人` | 支持普通 AI SRE @机器人对话、流式回复和媒体解密 | + 本文档支持 [集成第三方应用](#third-party) 或 [集成企业自建应用](#self) 两种方式。
@@ -127,7 +143,7 @@ Flashduty 作为企业微信服务商,为您提供 Flashduty 应用的长期 完成先前步骤后,在 Flashduty On-call 集成配置页面的 **增强功能** 模块,勾选 **开启作战室** 即可启用该功能,无需额外配置。 -请确认自建应用的 **可见范围** 覆盖所有可能被拉入作战室的成员。企业微信没有类似 Slack 或飞书的逐项 scope 列表,作战室能否创建、加人和发送消息主要取决于应用可见范围、基础接口权限、通讯录授权和回调配置。 +如遇作战室创建、加人或消息发送异常,请优先核对页面开头 [AISRE 所需权限和能力](#aisre-permissions) 中列出的自建应用、可见范围、基础接口权限、通讯录权限和回调配置。 From 3b7f663ff2ce4d9e307732b0d10bd4e077b58622 Mon Sep 17 00:00:00 2001 From: debidong <1953531014@qq.com> Date: Wed, 3 Jun 2026 19:23:29 +0800 Subject: [PATCH 3/3] docs: improve permission wording and standard alert path --- docs.json | 22 +++++++++++++++++-- en/on-call/advanced/reference-variables.mdx | 2 +- en/on-call/incident/what-is-incident.mdx | 2 +- .../alert-sources/http-pull.mdx | 4 ++-- ...{standard alert.mdx => standard-alert.mdx} | 0 .../instant-messaging/dingtalk.mdx | 2 +- .../integration/instant-messaging/lark.mdx | 2 +- .../integration/instant-messaging/slack.mdx | 2 +- .../integration/instant-messaging/wecom.mdx | 2 +- en/openapi/introduction.mdx | 2 +- zh/on-call/advanced/reference-variables.mdx | 2 +- zh/on-call/incident/what-is-incident.mdx | 2 +- .../alert-sources/http-pull.mdx | 4 ++-- ...{standard alert.mdx => standard-alert.mdx} | 0 .../instant-messaging/dingtalk.mdx | 2 +- .../integration/instant-messaging/lark.mdx | 2 +- .../integration/instant-messaging/slack.mdx | 2 +- .../integration/instant-messaging/wecom.mdx | 2 +- zh/openapi/introduction.mdx | 2 +- 19 files changed, 38 insertions(+), 20 deletions(-) rename en/on-call/integration/alert-integration/alert-sources/{standard alert.mdx => standard-alert.mdx} (100%) rename zh/on-call/integration/alert-integration/alert-sources/{standard alert.mdx => standard-alert.mdx} (100%) diff --git a/docs.json b/docs.json index acc9e39..ee14371 100644 --- a/docs.json +++ b/docs.json @@ -18,6 +18,24 @@ "canonical": "https://docs.flashcat.cloud" } }, + "redirects": [ + { + "source": "/zh/on-call/integration/alert-integration/alert-sources/standard alert", + "destination": "/zh/on-call/integration/alert-integration/alert-sources/standard-alert" + }, + { + "source": "/zh/on-call/integration/alert-integration/alert-sources/standard%20alert", + "destination": "/zh/on-call/integration/alert-integration/alert-sources/standard-alert" + }, + { + "source": "/en/on-call/integration/alert-integration/alert-sources/standard alert", + "destination": "/en/on-call/integration/alert-integration/alert-sources/standard-alert" + }, + { + "source": "/en/on-call/integration/alert-integration/alert-sources/standard%20alert", + "destination": "/en/on-call/integration/alert-integration/alert-sources/standard-alert" + } + ], "navigation": { "languages": [ { @@ -206,7 +224,7 @@ "group": "告警集成", "expanded": false, "pages": [ - "zh/on-call/integration/alert-integration/alert-sources/standard alert", + "zh/on-call/integration/alert-integration/alert-sources/standard-alert", "zh/on-call/integration/alert-integration/alert-sources/http-pull", "zh/on-call/integration/alert-integration/alert-sources/prometheus", "zh/on-call/integration/alert-integration/alert-sources/grafana", @@ -1247,7 +1265,7 @@ "group": "Alert Integration", "expanded": false, "pages": [ - "en/on-call/integration/alert-integration/alert-sources/standard alert", + "en/on-call/integration/alert-integration/alert-sources/standard-alert", "en/on-call/integration/alert-integration/alert-sources/http-pull", "en/on-call/integration/alert-integration/alert-sources/prometheus", "en/on-call/integration/alert-integration/alert-sources/grafana", diff --git a/en/on-call/advanced/reference-variables.mdx b/en/on-call/advanced/reference-variables.mdx index 95e592d..18fc47d 100644 --- a/en/on-call/advanced/reference-variables.mdx +++ b/en/on-call/advanced/reference-variables.mdx @@ -9,7 +9,7 @@ By referencing variables from alert labels and attributes, you can modify and cu -When reporting custom alert events via the alert [Event API](/en/on-call/integration/alert-integration/alert-sources/standard alert), you can use the `title_rule` field to customize the alert title. +When reporting custom alert events via the alert [Event API](/en/on-call/integration/alert-integration/alert-sources/standard-alert), you can use the `title_rule` field to customize the alert title. Reference variables in alert pipelines to modify alert severity, title, description, and other information. diff --git a/en/on-call/incident/what-is-incident.mdx b/en/on-call/incident/what-is-incident.mdx index 63d6ead..aa7735f 100644 --- a/en/on-call/incident/what-is-incident.mdx +++ b/en/on-call/incident/what-is-incident.mdx @@ -135,7 +135,7 @@ Flashduty On-call supports dedicated and shared integration modes: ### Trigger via API -Flashduty On-call provides a custom event standard, allowing you to report alerts via standard protocol, suitable for any non-integrated monitoring system. For details, read [Custom Alert Events](/en/on-call/integration/alert-integration/alert-sources/standard alert). +Flashduty On-call provides a custom event standard, allowing you to report alerts via standard protocol, suitable for any non-integrated monitoring system. For details, read [Custom Alert Events](/en/on-call/integration/alert-integration/alert-sources/standard-alert). To ensure system stability, Flashduty On-call enforces rate limits per integration (**100 requests/second**, **1000 requests/minute**). Exceeding these limits returns a `429` status code — please wait and retry. See [Integrate Data - Rate Limits](/en/on-call/channel/integrate-data#rate-limits) for details. diff --git a/en/on-call/integration/alert-integration/alert-sources/http-pull.mdx b/en/on-call/integration/alert-integration/alert-sources/http-pull.mdx index 64392a9..43b7e3d 100644 --- a/en/on-call/integration/alert-integration/alert-sources/http-pull.mdx +++ b/en/on-call/integration/alert-integration/alert-sources/http-pull.mdx @@ -4,7 +4,7 @@ description: "Flashduty periodically polls an external HTTP endpoint and ingests keywords: ["Alert Integration", "HTTP Pull", "Polling", "Cursor Pagination", "Data Ingestion"] --- -By configuring an HTTP endpoint, Flashduty issues a request on the schedule you define and parses the response into events conforming to the [Standard Alert Event](/en/on-call/integration/alert-integration/alert-sources/standard alert) protocol, which are then written into the alert channel. Your system does not need to support push delivery — it only needs to expose a readable alert query endpoint. +By configuring an HTTP endpoint, Flashduty issues a request on the schedule you define and parses the response into events conforming to the [Standard Alert Event](/en/on-call/integration/alert-integration/alert-sources/standard-alert) protocol, which are then written into the alert channel. Your system does not need to support push delivery — it only needs to expose a readable alert query endpoint. :::tips HTTP Pull is the right choice when your source **cannot send webhooks**, **is query-only by nature**, or when you **do not want to modify the upstream system**. If your system already supports webhook delivery, prefer the corresponding push-based integration (Prometheus, Zabbix, etc.) — it has lower latency and a smaller resource footprint. @@ -74,7 +74,7 @@ External systems use different field names and values for alert severity. **Seve ### Response Format -The response must conform to Flashduty's [Standard Alert Event](/en/on-call/integration/alert-integration/alert-sources/standard alert) protocol (`response_mode = standard`). Key fields include `event_status`, `title_rule`, `alert_key`, `description`, `labels`, etc. Refer to the Standard Alert Event documentation for the semantics and length limits of each field. +The response must conform to Flashduty's [Standard Alert Event](/en/on-call/integration/alert-integration/alert-sources/standard-alert) protocol (`response_mode = standard`). Key fields include `event_status`, `title_rule`, `alert_key`, `description`, `labels`, etc. Refer to the Standard Alert Event documentation for the semantics and length limits of each field. When pagination is enabled, the response must additionally expose a field for the next-page cursor, located at the path you set in **Cursor Path**. A typical shape: diff --git a/en/on-call/integration/alert-integration/alert-sources/standard alert.mdx b/en/on-call/integration/alert-integration/alert-sources/standard-alert.mdx similarity index 100% rename from en/on-call/integration/alert-integration/alert-sources/standard alert.mdx rename to en/on-call/integration/alert-integration/alert-sources/standard-alert.mdx diff --git a/en/on-call/integration/instant-messaging/dingtalk.mdx b/en/on-call/integration/instant-messaging/dingtalk.mdx index 6bb0cc4..73acda4 100644 --- a/en/on-call/integration/instant-messaging/dingtalk.mdx +++ b/en/on-call/integration/instant-messaging/dingtalk.mdx @@ -14,7 +14,7 @@ This documentation uses the new version of Dingtalk Open Platform as an example. ## AI SRE Required Permissions -The following list is the full superset of permissions required when the Dingtalk IM integration uses AI SRE, including basic notifications, War Room, AI SRE conversations, and AI-generated post-mortem reports. In Dingtalk Open Platform, go to Development Configuration → **Permission Management** and request each official permission name below. +The following list includes all permissions required when the Dingtalk IM integration uses AI SRE, including basic notifications, War Room, AI SRE conversations, and AI-generated post-mortem reports. In Dingtalk Open Platform, go to Development Configuration → **Permission Management** and request each official permission name below. | Official permission name | Purpose | | :--- | :--- | diff --git a/en/on-call/integration/instant-messaging/lark.mdx b/en/on-call/integration/instant-messaging/lark.mdx index 17f474b..610c9f1 100644 --- a/en/on-call/integration/instant-messaging/lark.mdx +++ b/en/on-call/integration/instant-messaging/lark.mdx @@ -10,7 +10,7 @@ description: "By integrating a Feishu/Lark custom app, you can receive and respo ## AI SRE Required Permissions -The following list is the full superset of permissions required when the Feishu/Lark IM integration uses AI SRE, including basic notifications, War Room, AI SRE conversations, and AI-generated post-mortem reports. In the Feishu/Lark Open Platform **Permission Management** page, request each official permission name below. +The following list includes all permissions required when the Feishu/Lark IM integration uses AI SRE, including basic notifications, War Room, AI SRE conversations, and AI-generated post-mortem reports. In the Feishu/Lark Open Platform **Permission Management** page, request each official permission name below. | Official permission name | Purpose | | :--- | :--- | diff --git a/en/on-call/integration/instant-messaging/slack.mdx b/en/on-call/integration/instant-messaging/slack.mdx index c905452..6a29a03 100644 --- a/en/on-call/integration/instant-messaging/slack.mdx +++ b/en/on-call/integration/instant-messaging/slack.mdx @@ -9,7 +9,7 @@ description: "By integrating the Slack third-party app, you can receive and resp ## AI SRE Required Permissions -The following list is the full superset of permissions required when the Slack IM integration uses AI SRE, including basic notifications, War Room, AI SRE conversations, and AI-generated post-mortem reports. If you use the official Flashduty Slack app, complete authorization or re-authorization from the Flashduty page. If you use a self-managed Slack app, confirm each Bot Token Scope in Slack OAuth & Permissions. +The following list includes all permissions required when the Slack IM integration uses AI SRE, including basic notifications, War Room, AI SRE conversations, and AI-generated post-mortem reports. If you use the official Flashduty Slack app, complete authorization or re-authorization from the Flashduty page. If you use a self-managed Slack app, confirm each Bot Token Scope in Slack OAuth & Permissions. | Official permission name | Purpose | | :--- | :--- | diff --git a/en/on-call/integration/instant-messaging/wecom.mdx b/en/on-call/integration/instant-messaging/wecom.mdx index 09a79a0..3ebcf5c 100644 --- a/en/on-call/integration/instant-messaging/wecom.mdx +++ b/en/on-call/integration/instant-messaging/wecom.mdx @@ -9,7 +9,7 @@ description: "By integrating a WeCom third-party app, you can receive and respon ## AI SRE Required Permissions and Capabilities -WeCom does not provide per-item OAuth scope names like Slack or Feishu/Lark. The following list is the full superset of permissions and capabilities that must be enabled or configured in WeCom Admin Console when the WeCom IM integration uses AI SRE, including basic notifications, War Room, AI SRE conversations, and AI-generated post-mortem reports. Names below use WeCom console or official API names. +WeCom does not provide per-item OAuth scope names like Slack or Feishu/Lark. The following list includes all permissions and capabilities that must be enabled or configured in WeCom Admin Console when the WeCom IM integration uses AI SRE, including basic notifications, War Room, AI SRE conversations, and AI-generated post-mortem reports. Names below use WeCom console or official API names. | WeCom official name | Purpose | | :--- | :--- | diff --git a/en/openapi/introduction.mdx b/en/openapi/introduction.mdx index 52edb53..e4e98c7 100644 --- a/en/openapi/introduction.mdx +++ b/en/openapi/introduction.mdx @@ -9,7 +9,7 @@ Open API lets you call Flashduty via HTTP endpoints to query and manage entity d **Not sure if you need Open API?** Flashduty offers multiple data interaction methods: - **Open API** (this guide) — You actively call Flashduty to query or operate on data. See the [API Catalog](/en/openapi/api-catalog) for all available endpoints. -- **Standard Alert Events** — Push alerts from your custom monitoring system to Flashduty to trigger incident handling. See [Custom Alert Events](/en/on-call/integration/alert-integration/alert-sources/standard alert). +- **Standard Alert Events** — Push alerts from your custom monitoring system to Flashduty to trigger incident handling. See [Custom Alert Events](/en/on-call/integration/alert-integration/alert-sources/standard-alert). - **Custom Change Events** — Push change events to correlate with incidents for root cause analysis. See [Custom Change Events](/en/on-call/integration/change-integration/custom-event). - **Webhook Push** — Flashduty proactively pushes incident/alert event notifications to your system. See [Incident Webhook](/en/on-call/integration/webhooks/incident-webhook) and [Alert Webhook](/en/on-call/integration/webhooks/alert-webhook). - **Custom Actions** — Trigger external operations from the incident detail page. See [Custom Actions](/en/on-call/integration/webhooks/custom-actions). diff --git a/zh/on-call/advanced/reference-variables.mdx b/zh/on-call/advanced/reference-variables.mdx index 0cca4bd..9a3d2f7 100644 --- a/zh/on-call/advanced/reference-variables.mdx +++ b/zh/on-call/advanced/reference-variables.mdx @@ -10,7 +10,7 @@ keywords: ["引用变量", "模板变量", "标签引用", "动态内容", "变 -通过告警 [Event API](/zh/on-call/integration/alert-integration/alert-sources/standard alert) 上报自定义告警事件时,可以使用 `title_rule` 字段自定义告警的标题。 +通过告警 [Event API](/zh/on-call/integration/alert-integration/alert-sources/standard-alert) 上报自定义告警事件时,可以使用 `title_rule` 字段自定义告警的标题。 在告警 Pipeline 中引用变量,实现对告警的严重程度、标题和描述等信息的修改。 diff --git a/zh/on-call/incident/what-is-incident.mdx b/zh/on-call/incident/what-is-incident.mdx index e950c1f..890ce72 100644 --- a/zh/on-call/incident/what-is-incident.mdx +++ b/zh/on-call/incident/what-is-incident.mdx @@ -136,7 +136,7 @@ Flashduty On-call 支持专属集成和共享集成模式: ### 通过 API 触发故障 -Flashduty On-call 提供了一个自定义事件标准,允许您通过标准协议上报告警,适用于任何未适配的监控系统。详细文档请阅读[自定义告警事件](/zh/on-call/integration/alert-integration/alert-sources/standard alert)。 +Flashduty On-call 提供了一个自定义事件标准,允许您通过标准协议上报告警,适用于任何未适配的监控系统。详细文档请阅读[自定义告警事件](/zh/on-call/integration/alert-integration/alert-sources/standard-alert)。 为了保证整个系统的稳定,Flashduty On-call 对每个集成的 API 上报实施频率限制(**100 次/秒**、**1000 次/分钟**),超出限制将返回 `429` 状态码,请等待后重试。详见[接入告警 - 频率限制](/zh/on-call/channel/integrate-data#频率限制)。 diff --git a/zh/on-call/integration/alert-integration/alert-sources/http-pull.mdx b/zh/on-call/integration/alert-integration/alert-sources/http-pull.mdx index aa2a506..979466f 100644 --- a/zh/on-call/integration/alert-integration/alert-sources/http-pull.mdx +++ b/zh/on-call/integration/alert-integration/alert-sources/http-pull.mdx @@ -4,7 +4,7 @@ description: "Flashduty 主动按周期访问外部 HTTP 接口,将返回的 keywords: ["告警集成", "HTTP Pull", "拉取", "轮询", "Polling", "数据接入"] --- -通过配置一个 HTTP 端点,Flashduty 会按照您设定的周期主动发起请求,将响应解析为符合 [标准告警事件](/zh/on-call/integration/alert-integration/alert-sources/standard alert) 协议的事件并写入告警通道。整个过程不需要您的系统具备推送能力,只要能对外暴露一个可读的告警查询接口即可。 +通过配置一个 HTTP 端点,Flashduty 会按照您设定的周期主动发起请求,将响应解析为符合 [标准告警事件](/zh/on-call/integration/alert-integration/alert-sources/standard-alert) 协议的事件并写入告警通道。整个过程不需要您的系统具备推送能力,只要能对外暴露一个可读的告警查询接口即可。 HTTP 拉取适合 **无法主动 webhook**、**接口本身就是查询型** 或 **不希望对告警源做改造** 的场景。如果您的系统已经支持 webhook 推送,优先使用对应的推送式集成(Prometheus、Zabbix 等),延迟更低、资源开销更小。 @@ -72,7 +72,7 @@ HTTP 拉取适合 **无法主动 webhook**、**接口本身就是查询型** 或 ### 响应格式 -接口响应必须符合 Flashduty 的 [标准告警事件](/zh/on-call/integration/alert-integration/alert-sources/standard alert) 协议(`response_mode = standard`),核心字段包括 `event_status`、`title_rule`、`alert_key`、`description`、`labels` 等。请直接参考标准告警事件文档了解每个字段的语义与长度限制。 +接口响应必须符合 Flashduty 的 [标准告警事件](/zh/on-call/integration/alert-integration/alert-sources/standard-alert) 协议(`response_mode = standard`),核心字段包括 `event_status`、`title_rule`、`alert_key`、`description`、`labels` 等。请直接参考标准告警事件文档了解每个字段的语义与长度限制。 启用分页时,您的响应需要在标准事件载荷之外,额外暴露一个用于提取下一页游标的字段,路径由 **游标路径** 指定。常见的形态如下: diff --git a/zh/on-call/integration/alert-integration/alert-sources/standard alert.mdx b/zh/on-call/integration/alert-integration/alert-sources/standard-alert.mdx similarity index 100% rename from zh/on-call/integration/alert-integration/alert-sources/standard alert.mdx rename to zh/on-call/integration/alert-integration/alert-sources/standard-alert.mdx diff --git a/zh/on-call/integration/instant-messaging/dingtalk.mdx b/zh/on-call/integration/instant-messaging/dingtalk.mdx index ad0f544..322e507 100644 --- a/zh/on-call/integration/instant-messaging/dingtalk.mdx +++ b/zh/on-call/integration/instant-messaging/dingtalk.mdx @@ -15,7 +15,7 @@ keywords: ["钉钉", "即时消息", "告警通知", "IM集成", "钉钉机器 ## AISRE 所需权限 -以下为钉钉 IM 集成在开启 AISRE(包含基础通知、作战室、AI SRE 对话和 AI 生成复盘)时需要授予的完整超集权限。进入钉钉开放平台 开发配置 → **权限管理** 页面时,请逐项申请以下官方权限名称。 +以下为钉钉 IM 集成在开启 AISRE(包含基础通知、作战室、AI SRE 对话和 AI 生成复盘)时需要授予的完整权限清单。进入钉钉开放平台 开发配置 → **权限管理** 页面时,请逐项申请以下官方权限名称。 | 官方权限名称 | 用途 | | :--- | :--- | diff --git a/zh/on-call/integration/instant-messaging/lark.mdx b/zh/on-call/integration/instant-messaging/lark.mdx index 7684a0e..5ac400e 100644 --- a/zh/on-call/integration/instant-messaging/lark.mdx +++ b/zh/on-call/integration/instant-messaging/lark.mdx @@ -11,7 +11,7 @@ keywords: ["飞书", "Lark", "即时消息", "告警通知", "IM集成"] ## AISRE 所需权限 -以下为飞书/Lark IM 集成在开启 AISRE(包含基础通知、作战室、AI SRE 对话和 AI 生成复盘)时需要授予的完整超集权限。进入飞书/Lark 开放平台 **权限管理** 页面时,请逐项申请以下官方权限名称。 +以下为飞书/Lark IM 集成在开启 AISRE(包含基础通知、作战室、AI SRE 对话和 AI 生成复盘)时需要授予的完整权限清单。进入飞书/Lark 开放平台 **权限管理** 页面时,请逐项申请以下官方权限名称。 | 官方权限名称 | 用途 | | :--- | :--- | diff --git a/zh/on-call/integration/instant-messaging/slack.mdx b/zh/on-call/integration/instant-messaging/slack.mdx index e979c8a..f8297b8 100644 --- a/zh/on-call/integration/instant-messaging/slack.mdx +++ b/zh/on-call/integration/instant-messaging/slack.mdx @@ -10,7 +10,7 @@ keywords: ["Slack", "即时消息", "告警通知", "IM集成", "协作工具"] ## AISRE 所需权限 -以下为 Slack IM 集成在开启 AISRE(包含基础通知、作战室、AI SRE 对话和 AI 生成复盘)时需要授予的完整超集权限。使用 Flashduty 官方 Slack 应用时,请按页面提示授权或重新授权;使用自建 Slack 应用时,请在 Slack OAuth & Permissions 中逐项确认以下 Bot Token Scopes。 +以下为 Slack IM 集成在开启 AISRE(包含基础通知、作战室、AI SRE 对话和 AI 生成复盘)时需要授予的完整权限清单。使用 Flashduty 官方 Slack 应用时,请按页面提示授权或重新授权;使用自建 Slack 应用时,请在 Slack OAuth & Permissions 中逐项确认以下 Bot Token Scopes。 | 官方权限名称 | 用途 | | :--- | :--- | diff --git a/zh/on-call/integration/instant-messaging/wecom.mdx b/zh/on-call/integration/instant-messaging/wecom.mdx index 22a3a91..e88c060 100644 --- a/zh/on-call/integration/instant-messaging/wecom.mdx +++ b/zh/on-call/integration/instant-messaging/wecom.mdx @@ -10,7 +10,7 @@ keywords: ["企业微信", "WeCom", "即时消息", "告警通知", "IM集成"] ## AISRE 所需权限和能力 -企业微信没有类似 Slack、飞书/Lark 的逐项 OAuth scope 名称。以下为企业微信 IM 集成在开启 AISRE(包含基础通知、作战室、AI SRE 对话和 AI 生成复盘)时,需要在企业微信管理后台开通或配置的完整超集权限和能力;名称均使用企业微信后台或官方接口中的名称。 +企业微信没有类似 Slack、飞书/Lark 的逐项 OAuth scope 名称。以下为企业微信 IM 集成在开启 AISRE(包含基础通知、作战室、AI SRE 对话和 AI 生成复盘)时,需要在企业微信管理后台开通或配置的完整权限和能力清单;名称均使用企业微信后台或官方接口中的名称。 | 企业微信官方名称 | 用途 | | :--- | :--- | diff --git a/zh/openapi/introduction.mdx b/zh/openapi/introduction.mdx index 1b20fdc..f237c93 100644 --- a/zh/openapi/introduction.mdx +++ b/zh/openapi/introduction.mdx @@ -10,7 +10,7 @@ Open API 用于通过 HTTP 接口主动调用 Flashduty,查询和管理故障 **不确定是否需要 Open API?** Flashduty 提供多种数据交互方式: - **Open API**(本文档)— 您主动调用 Flashduty,查询或操作数据。查看 [API 总览](/zh/openapi/api-catalog) 了解全部接口。 -- **标准告警事件** — 将自研监控系统的告警推送到 Flashduty,触发故障处理流程。详见[自定义告警事件](/zh/on-call/integration/alert-integration/alert-sources/standard alert)。 +- **标准告警事件** — 将自研监控系统的告警推送到 Flashduty,触发故障处理流程。详见[自定义告警事件](/zh/on-call/integration/alert-integration/alert-sources/standard-alert)。 - **自定义变更事件** — 推送变更事件关联故障,辅助根因分析。详见[自定义变更事件](/zh/on-call/integration/change-integration/custom-event)。 - **Webhook 推送** — Flashduty 主动向您的系统推送故障/告警事件通知。详见[故障 Webhook](/zh/on-call/integration/webhooks/incident-webhook) 和[告警 Webhook](/zh/on-call/integration/webhooks/alert-webhook)。 - **自定义操作** — 在故障详情页触发外部操作。详见[自定义操作](/zh/on-call/integration/webhooks/custom-actions)。