Update config.yaml

README.md

@@ -83,6 +83,7 @@ CyberStrikeAI is an **AI-native security testing platform** built in Go. It inte
 - 📋 Batch task management: create task queues, add multiple tasks, and execute them sequentially
 - 🎭 Role-based testing: predefined security testing roles (Penetration Testing, CTF, Web App Scanning, etc.) with custom prompts and tool restrictions
 - 🎯 Skills system: 20+ predefined security testing skills (SQL injection, XSS, API security, etc.) that can be attached to roles or called on-demand by AI agents
+- 📱 **Chatbot**: DingTalk and Lark (Feishu) long-lived connections so you can talk to CyberStrikeAI from mobile (see [Robot / Chatbot guide](docs/robot_en.md) for setup and commands)
 
 ## Tool Overview
 
@@ -460,6 +461,10 @@ tools:
 enabled: true
 ```
 
+## Related documentation
+
+- [Robot / Chatbot guide (DingTalk & Lark)](docs/robot_en.md): Full setup, commands, and troubleshooting for using CyberStrikeAI from DingTalk or Lark on your phone. **Follow this doc to avoid common pitfalls.**
+
 ## Project Layout
 
 ```
@@ -470,6 +475,7 @@ CyberStrikeAI/
 ├── tools/               # YAML tool recipes (100+ examples provided)
 ├── roles/               # Role configurations (12+ predefined security testing roles)
 ├── skills/              # Skills directory (20+ predefined security testing skills)
+├── docs/                # Documentation (e.g. robot/chbot guide)
 ├── images/              # Docs screenshots & diagrams
 ├── config.yaml          # Runtime configuration
 ├── run.sh               # Convenience launcher

README_CN.md

@@ -82,6 +82,7 @@ CyberStrikeAI 是一款 **AI 原生安全测试平台**，基于 Go 构建，集
 - 📋 批量任务管理：创建任务队列，批量添加任务，依次顺序执行，支持任务编辑与状态跟踪
 - 🎭 角色化测试：预设安全测试角色（渗透测试、CTF、Web 应用扫描等），支持自定义提示词和工具限制
 - 🎯 Skills 技能系统：20+ 预设安全测试技能（SQL 注入、XSS、API 安全等），可附加到角色或由 AI 按需调用
+- 📱 **机器人**：支持钉钉、飞书长连接，在手机端与 CyberStrikeAI 对话（配置与命令详见 [机器人使用说明](docs/robot.md)）
 
 ## 工具概览
 
@@ -459,6 +460,10 @@ tools:
 enabled: true
 ```
 
+## 相关文档
+
+- [机器人使用说明（钉钉 / 飞书）](docs/robot.md)：在手机端通过钉钉、飞书与 CyberStrikeAI 对话的完整配置步骤、命令与排查说明，**建议按该文档操作以避免走弯路**。
+
 ## 项目结构
 
 ```
@@ -469,6 +474,7 @@ CyberStrikeAI/
 ├── tools/               # YAML 工具目录（含 100+ 示例）
 ├── roles/               # 角色配置文件目录（含 12+ 预设安全测试角色）
 ├── skills/              # Skills 目录（含 20+ 预设安全测试技能）
+├── docs/                # 说明文档（如机器人使用说明）
 ├── images/              # 文档配图
 ├── config.yaml          # 运行配置
 ├── run.sh               # 启动脚本

config.yaml

@@ -10,7 +10,7 @@
 # ============================================
 
 # 前端显示的版本号（可选，不填则显示默认版本）
-version: "v1.3.9"
+version: "v1.3.10"
 
 # 服务器配置
 server:
@@ -117,6 +117,29 @@ knowledge:
     similarity_threshold: 0.7       # 相似度阈值（0-1），低于此值的结果将被过滤
     hybrid_weight: 0.7              # 混合检索权重（0-1），向量检索的权重，1.0表示纯向量检索，0.0表示纯关键词检索
 
+# ============================================
+# 机器人配置（企业微信、钉钉、飞书）
+# ============================================
+# 用于在手机端通过企业微信/钉钉/飞书与 CyberStrikeAI 对话，无需部署在服务器上也可使用
+# 在系统设置 -> 机器人设置 中可配置
+robots:
+  wecom: # 企业微信
+    enabled: false
+    token: ""
+    encoding_aes_key: ""
+    corp_id: ""
+    secret: ""
+    agent_id: 0
+  dingtalk: # 钉钉
+    enabled: false
+    client_id: 
+    client_secret: 
+  lark: # 飞书
+    enabled: false
+    app_id: ""
+    app_secret: ""
+    verify_token: ""
+
 # ============================================
 # Skills 相关配置
 # ============================================

docs/robot.md

@@ -0,0 +1,217 @@
+# CyberStrikeAI 机器人使用说明
+
+[English](robot_en.md)
+
+本文档说明如何通过**钉钉**、**飞书**与 CyberStrikeAI 对话（长连接模式），在手机端即可使用，无需在服务器上打开网页。按下面步骤操作可避免常见弯路。
+
+---
+
+## 一、在 CyberStrikeAI 里从哪里配置
+
+1. 登录 CyberStrikeAI Web 端  
+2. 左侧导航进入 **系统设置**  
+3. 在左侧设置分类中点击 **机器人设置**（位于「基本设置」与「安全设置」之间）  
+4. 按平台勾选并填写（钉钉填 Client ID / Client Secret，飞书填 App ID / App Secret）  
+5. 点击 **应用配置** 保存  
+6. **重启 CyberStrikeAI 应用**（只保存不重启，机器人不会连上）
+
+配置会写入 `config.yaml` 的 `robots` 段，也可在配置文件中直接编辑。**修改钉钉/飞书配置后必须重启，长连接才会生效。**
+
+---
+
+## 二、支持的平台（长连接）
+
+| 平台 | 说明 |
+|------|------|
+| 钉钉 | 使用 Stream 长连接，程序主动连接钉钉接收消息 |
+| 飞书 | 使用长连接，程序主动连接飞书接收消息 |
+
+下面第三节会按平台写清：在开放平台要做什么、要复制哪些字段、填到 CyberStrikeAI 的哪一栏。
+
+---
+
+## 三、各平台配置项与详细步骤
+
+### 3.1 钉钉
+
+**先搞清楚：两种钉钉机器人不一样**
+
+| 类型 | 从哪里创建 | 能否做「用户发消息→机器人回复」 | 本程序是否支持 |
+|------|------------|----------------------------------|----------------|
+| **自定义机器人** | 钉钉群里：群设置 → 添加机器人 → 自定义（Webhook） | ❌ 不能，只能你往群里发消息 | ❌ 不支持 |
+| **企业内部应用机器人** | [钉钉开放平台](https://open.dingtalk.com) 创建应用并开通机器人 | ✅ 能 | ✅ 支持 |
+
+如果你手里是「自定义机器人」的 Webhook 地址（`oapi.dingtalk.com/robot/send?access_token=xxx`）和加签密钥（`SEC...`），**不能直接填到本程序**，必须按下面步骤在开放平台创建「企业内部应用」并拿到 **Client ID**、**Client Secret**。
+
+---
+
+**钉钉配置完整步骤（按顺序做）**
+
+1. **打开钉钉开放平台**  
+   浏览器访问 [https://open.dingtalk.com](https://open.dingtalk.com)，用**企业管理员**账号登录。
+
+2. **进入应用开发**  
+   左侧选 **应用开发** → **企业内部开发** → 点击 **创建应用**（或选择已有应用）。填写应用名称等基本信息后创建。
+
+3. **拿到 Client ID 和 Client Secret**  
+   - 左侧点 **凭证与基础信息**（在「基础信息」下）。  
+   - 页面上有 **Client ID（原 AppKey）** 和 **Client Secret（原 AppSecret）**。  
+   - 点击复制，**不要手打**，注意：数字 **0** 和字母 **o**、数字 **1** 和字母 **l** 容易抄错（例如 `ding9gf9tiozuc504aer` 中间是数字 **504** 不是 5o4）。
+
+4. **开通机器人并选 Stream 模式**  
+   - 左侧 **应用能力** → **机器人**。  
+   - 打开「机器人配置」开关。  
+   - 填写机器人名称、简介等（必填项按提示填）。  
+   - **关键**：消息接收方式要选 **「Stream 模式」**（流式接入）。若只有「HTTP 回调」或未选 Stream，本程序收不到消息。  
+   - 保存。
+
+5. **权限与发布**  
+   - 左侧 **权限管理**：搜索「机器人」「消息」等，勾选**接收消息**、**发送消息**等机器人相关权限，并确认授权。  
+   - 左侧 **版本管理与发布**：若有未发布配置，点击 **发布新版本** / **上线**，否则修改不生效。
+
+6. **填回 CyberStrikeAI**  
+   - 回到 CyberStrikeAI → 系统设置 → 机器人设置 → 钉钉。  
+   - 勾选「启用钉钉机器人」。  
+   - **Client ID (AppKey)** 粘贴第 3 步复制的 Client ID。  
+   - **Client Secret** 粘贴第 3 步复制的 Client Secret。  
+   - 点击 **应用配置**，然后**重启 CyberStrikeAI**。
+
+---
+
+**CyberStrikeAI 钉钉栏位对照**
+
+| CyberStrikeAI 中填写项 | 在钉钉开放平台的来源 |
+|------------------------|------------------------|
+| 启用钉钉机器人 | 勾选即启用 |
+| Client ID (AppKey) | 凭证与基础信息 → **Client ID（原 AppKey）** |
+| Client Secret | 凭证与基础信息 → **Client Secret（原 AppSecret）** |
+
+---
+
+### 3.2 飞书 (Lark)
+
+| 配置项 | 说明 |
+|--------|------|
+| 启用飞书机器人 | 勾选后启动飞书长连接 |
+| App ID | 飞书开放平台应用凭证中的 App ID |
+| App Secret | 飞书开放平台应用凭证中的 App Secret |
+| Verify Token | 事件订阅用（可选） |
+
+**飞书配置简要步骤**：登录 [飞书开放平台](https://open.feishu.cn) → 创建企业自建应用 → 在「凭证与基础信息」中获取 **App ID**、**App Secret** → 在「应用能力」中开通**机器人**并启用相应权限 → 发布应用 → 将 App ID、App Secret 填到 CyberStrikeAI 机器人设置 → 保存并**重启应用**。
+
+---
+
+## 四、机器人命令
+
+在钉钉/飞书中向机器人发送以下**文本命令**（仅支持文本）：
+
+| 命令 | 说明 |
+|------|------|
+| **帮助** | 显示命令帮助与说明 |
+| **列表** 或 **对话列表** | 列出所有对话的标题与对话 ID |
+| **切换 \<对话ID\>** 或 **继续 \<对话ID\>** | 指定对话 ID，后续消息在该对话中继续 |
+| **新对话** | 开启一个新对话，后续消息在新对话中 |
+| **清空** | 清空当前对话上下文（效果等同「新对话」） |
+| **当前** | 显示当前对话 ID 与标题 |
+
+除以上命令外，**直接输入任意文字**会作为用户消息发给 AI，与 Web 端对话逻辑一致（渗透测试/安全分析等）。
+
+---
+
+## 五、如何使用（要 @ 机器人吗？）
+
+- **单聊（推荐）**：在钉钉/飞书里**搜索并打开该机器人**，进入与机器人的**私聊**，直接输入「帮助」或任意文字即可，**不需要 @**。  
+- **群聊**：若机器人被添加到群里，在群内只有 **@机器人** 后发送的消息才会被机器人收到并回复；不 @ 的群消息不会触发机器人。
+
+总结：和机器人**单聊时直接发**；在**群里用时需要 @机器人** 再发内容。
+
+---
+
+## 六、推荐使用流程（避免漏步骤）
+
+1. **在开放平台**：按第三节完成钉钉或飞书应用创建、凭证复制、机器人开通（钉钉务必选 **Stream 模式**）、权限与发布。  
+2. **在 CyberStrikeAI**：系统设置 → 机器人设置 → 勾选对应平台，粘贴 Client ID/App ID、Client Secret/App Secret → 点击 **应用配置**。  
+3. **重启 CyberStrikeAI 进程**（否则长连接不会建立）。  
+4. **在手机钉钉/飞书**：找到该机器人（单聊直接发，群聊需 @机器人），发「帮助」或任意内容测试。
+
+若发消息没反应，先看 **第九节排查** 和 **第十节常见弯路**。
+
+---
+
+## 七、配置文件示例
+
+`config.yaml` 中机器人相关片段示例：
+
+```yaml
+robots:
+  dingtalk:
+    enabled: true
+    client_id: "your_dingtalk_app_key"
+    client_secret: "your_dingtalk_app_secret"
+  lark:
+    enabled: true
+    app_id: "your_lark_app_id"
+    app_secret: "your_lark_app_secret"
+    verify_token: ""
+```
+
+修改后需**重启应用**，长连接在应用启动时建立。
+
+---
+
+## 八、如何验证是否可用（无需钉钉/飞书客户端）
+
+在未安装钉钉或飞书时，可用**测试接口**验证机器人逻辑是否正常：
+
+1. 先登录 CyberStrikeAI Web 端（保证有登录态）。  
+2. 使用 curl 调用测试接口（需携带登录后的 Cookie）：
+
+```bash
+# 将 YOUR_COOKIE 替换为登录后获得的 Cookie（浏览器 F12 → 网络 → 任意请求 → 请求头中的 Cookie）
+curl -X POST "http://localhost:8080/api/robot/test" \
+  -H "Content-Type: application/json" \
+  -H "Cookie: YOUR_COOKIE" \
+  -d '{"platform":"dingtalk","user_id":"test_user","text":"帮助"}'
+```
+
+若返回 JSON 中含有 `"reply":"【CyberStrikeAI 机器人命令】..."`，说明命令处理正常。可再试 `"text":"列表"`、`"text":"当前"` 等。
+
+接口说明：`POST /api/robot/test`（需登录），请求体 `{"platform":"可选","user_id":"可选","text":"必填"}`，响应 `{"reply":"回复内容"}`。
+
+---
+
+## 九、钉钉发消息没反应时排查
+
+按顺序检查：
+
+1. **Client ID / Client Secret 是否与开放平台完全一致**  
+   从「凭证与基础信息」里**复制粘贴**，不要手打。注意数字 **0** 与字母 **o**、数字 **1** 与字母 **l**（例如 `ding9gf9tiozuc504aer` 中间是 **504** 不是 5o4）。
+
+2. **是否在保存配置后重启了应用**  
+   机器人长连接在**应用启动时**建立。在 Web 端点击「应用配置」只写入配置文件，**必须重启 CyberStrikeAI 进程**后钉钉连接才会生效。
+
+3. **看程序日志**  
+   - 启动后应看到：`钉钉 Stream 正在连接…`、`钉钉 Stream 已启动（无需公网），等待收消息`。  
+   - 若出现 `钉钉 Stream 长连接退出` 且带错误信息，多为 **Client ID / Client Secret 错误**或**开放平台未开通流式接入**。  
+   - 在钉钉里发一条消息后，若有收到，应有日志：`钉钉收到消息`；若没有，说明钉钉未把消息推到本程序（回头检查开放平台「机器人」是否开通、是否选用 **Stream 模式**）。
+
+4. **开放平台侧**  
+   应用需已**发布**；在「机器人」能力中需开启**流式接入（Stream）** 用于接收消息（仅 HTTP 回调不够）；权限管理里需有机器人接收、发送消息等权限。
+
+---
+
+## 十、常见弯路（避免踩坑）
+
+- **用错了机器人类型**：在钉钉**群里**添加的「自定义」机器人（Webhook + 加签）**不能**用来做对话，本程序只支持**开放平台「企业内部应用」**里的机器人。  
+- **只保存没重启**：在 CyberStrikeAI 里改完机器人配置后必须**重启应用**，否则长连接不会建立。  
+- **Client ID 抄错**：开放平台是 `504` 就填 `504`，不要填成 `5o4`；尽量用复制粘贴。  
+- **钉钉只开了 HTTP 回调没开 Stream**：本程序通过 **Stream 长连接**收消息，开放平台里机器人的消息接收方式必须选 **Stream 模式**。  
+- **应用没发布**：开放平台里修改了机器人或权限后，要在「版本管理与发布」里**发布新版本**，否则不生效。
+
+---
+
+## 十一、注意事项
+
+- 钉钉、飞书均**仅处理文本消息**；其他类型（如图片、语音）会提示暂不支持或忽略。  
+- 会话与 Web 端共用同一套对话数据：在机器人里创建的对话会在 Web 端「对话」列表中看到，反之亦然。  
+- 机器人执行逻辑与 **`/api/agent-loop/stream`** 一致（含进度回调、过程详情写入数据库），仅不向客户端推送 SSE，最后将完整回复一次性发回钉钉/飞书/企业微信。

docs/robot_en.md

@@ -0,0 +1,216 @@
+# CyberStrikeAI Robot / Chatbot Guide
+
+[中文](robot.md)
+
+This document explains how to chat with CyberStrikeAI from **DingTalk** and **Lark (Feishu)** using long-lived connections—no need to open a browser on the server. Following the steps below helps avoid common mistakes.
+
+---
+
+## 1. Where to configure in CyberStrikeAI
+
+1. Log in to the CyberStrikeAI web UI.
+2. Open **System Settings** in the left sidebar.
+3. Click **Robot settings** (between “Basic” and “Security”).
+4. Enable the platform and fill in credentials (DingTalk: Client ID / Client Secret; Lark: App ID / App Secret).
+5. Click **Apply configuration** to save.
+6. **Restart the CyberStrikeAI process** (saving alone does not establish the connection).
+
+Settings are written to the `robots` section of `config.yaml`; you can also edit the file directly. **After changing DingTalk or Lark config, you must restart for the long-lived connection to take effect.**
+
+---
+
+## 2. Supported platforms (long-lived connection)
+
+| Platform | Description |
+|----------|-------------|
+| DingTalk | Stream long-lived connection; the app connects to DingTalk to receive messages |
+| Lark (Feishu) | Long-lived connection; the app connects to Lark to receive messages |
+
+Section 3 below describes, per platform, what to do in the developer console and which fields to copy into CyberStrikeAI.
+
+---
+
+## 3. Configuration and step-by-step setup
+
+### 3.1 DingTalk
+
+**Important: two types of DingTalk bots**
+
+| Type | Where it’s created | Can do “user sends message → bot replies”? | Supported here? |
+|------|-------------------|-------------------------------------------|------------------|
+| **Custom bot (Webhook)** | In a DingTalk group: Group settings → Add robot → Custom (Webhook) | No; you can only post to the group | No |
+| **Enterprise internal app bot** | [DingTalk Open Platform](https://open.dingtalk.com): create an app and enable the bot | Yes | Yes |
+
+If you only have a **custom bot** Webhook URL (`oapi.dingtalk.com/robot/send?access_token=...`) and sign secret (`SEC...`), **do not** put them into CyberStrikeAI. You must create an **enterprise internal app** in the open platform and obtain **Client ID** and **Client Secret** as below.
+
+---
+
+**DingTalk setup (in order)**
+
+1. **Open DingTalk Open Platform**  
+   Go to [https://open.dingtalk.com](https://open.dingtalk.com) and log in with an **enterprise admin** account.
+
+2. **Create or select an app**  
+   In the left menu: **Application development** → **Enterprise internal development** → **Create application** (or choose an existing app). Fill in the app name and create.
+
+3. **Get Client ID and Client Secret**  
+   - In the left menu open **Credentials and basic info** (under “Basic information”).  
+   - Copy **Client ID (formerly AppKey)** and **Client Secret (formerly AppSecret)**.  
+   - Use copy/paste; avoid typing by hand. Watch for **0** vs **o** and **1** vs **l** (e.g. `ding9gf9tiozuc504aer` has the digits **504**, not 5o4).
+
+4. **Enable the bot and choose Stream mode**  
+   - Left menu: **Application capabilities** → **Robot**.  
+   - Turn on “Robot configuration”.  
+   - Fill in robot name, description, etc. as required.  
+   - **Critical**: set message reception to **“Stream mode”** (流式接入). If you only enable “HTTP callback” or do not select Stream, CyberStrikeAI will not receive messages.  
+   - Save.
+
+5. **Permissions and release**  
+   - Left menu: **Permission management** — search for “robot”, “message”, etc., and enable **receive message**, **send message**, and other bot-related permissions; confirm.  
+   - Left menu: **Version management and release** — if there are unpublished changes, click **Release new version** / **Publish**; otherwise changes do not take effect.
+
+6. **Fill in CyberStrikeAI**  
+   - In CyberStrikeAI: System settings → Robot settings → DingTalk.  
+   - Enable “Enable DingTalk robot”.  
+   - Paste the Client ID and Client Secret from step 3.  
+   - Click **Apply configuration**, then **restart CyberStrikeAI**.
+
+---
+
+**Field mapping (DingTalk)**
+
+| Field in CyberStrikeAI | Source in DingTalk Open Platform |
+|------------------------|----------------------------------|
+| Enable DingTalk robot | Check to enable |
+| Client ID (AppKey) | Credentials and basic info → **Client ID (formerly AppKey)** |
+| Client Secret | Credentials and basic info → **Client Secret (formerly AppSecret)** |
+
+---
+
+### 3.2 Lark (Feishu)
+
+| Field | Description |
+|-------|-------------|
+| Enable Lark robot | Check to start the Lark long-lived connection |
+| App ID | From Lark open platform app credentials |
+| App Secret | From Lark open platform app credentials |
+| Verify Token | Optional; for event subscription |
+
+**Lark setup in short**: Log in to [Lark Open Platform](https://open.feishu.cn) → Create an enterprise app → In “Credentials and basic info” get **App ID** and **App Secret** → In “Application capabilities” enable **Robot** and the right permissions → Publish the app → Enter App ID and App Secret in CyberStrikeAI robot settings → Save and **restart** the app.
+
+---
+
+## 4. Bot commands
+
+Send these **text commands** to the bot in DingTalk or Lark (text only):
+
+| Command | Description |
+|---------|-------------|
+| **帮助** (help) | Show command help |
+| **列表** or **对话列表** (list) | List all conversation titles and IDs |
+| **切换 \<conversationID\>** or **继续 \<conversationID\>** | Continue in the given conversation |
+| **新对话** (new) | Start a new conversation |
+| **清空** (clear) | Clear current context (same effect as new conversation) |
+| **当前** (current) | Show current conversation ID and title |
+
+Any other text is sent to the AI as a user message, same as in the web UI (e.g. penetration testing, security analysis).
+
+---
+
+## 5. How to use (do I need to @ the bot?)
+
+- **Direct chat (recommended)**: In DingTalk or Lark, **search for the bot and open a direct chat**. Type “帮助” or any message; **no @ needed**.  
+- **Group chat**: If the bot is in a group, only messages that **@ the bot** are received and answered; other group messages are ignored.
+
+Summary: **Direct chat** — just send; **in a group** — @ the bot first, then send.
+
+---
+
+## 6. Recommended flow (so you don’t skip steps)
+
+1. **In the open platform**: Complete app creation, copy credentials, enable the bot (DingTalk: **Stream mode**), set permissions, and publish (Section 3).  
+2. **In CyberStrikeAI**: System settings → Robot settings → Enable the platform, paste Client ID/App ID and Client Secret/App Secret → **Apply configuration**.  
+3. **Restart the CyberStrikeAI process** (otherwise the long-lived connection is not established).  
+4. **On your phone**: Open DingTalk or Lark, find the bot (direct chat or @ in a group), send “帮助” or any message to test.
+
+If the bot does not respond, see **Section 9 (troubleshooting)** and **Section 10 (common pitfalls)**.
+
+---
+
+## 7. Config file example
+
+Example `robots` section in `config.yaml`:
+
+```yaml
+robots:
+  dingtalk:
+    enabled: true
+    client_id: "your_dingtalk_app_key"
+    client_secret: "your_dingtalk_app_secret"
+  lark:
+    enabled: true
+    app_id: "your_lark_app_id"
+    app_secret: "your_lark_app_secret"
+    verify_token: ""
+```
+
+**Restart the app** after changes; the long-lived connection is created at startup.
+
+---
+
+## 8. Testing without DingTalk/Lark installed
+
+You can verify bot logic with the **test API** (no DingTalk/Lark client needed):
+
+1. Log in to the CyberStrikeAI web UI (so you have a session).
+2. Call the test endpoint with curl (include your session Cookie):
+
+```bash
+# Replace YOUR_COOKIE with the Cookie from your browser (F12 → Network → any request → Request headers → Cookie)
+curl -X POST "http://localhost:8080/api/robot/test" \
+  -H "Content-Type: application/json" \
+  -H "Cookie: YOUR_COOKIE" \
+  -d '{"platform":"dingtalk","user_id":"test_user","text":"帮助"}'
+```
+
+If the JSON response contains `"reply":"【CyberStrikeAI 机器人命令】..."`, command handling works. You can also try `"text":"列表"` or `"text":"当前"`.
+
+API: `POST /api/robot/test` (requires login). Body: `{"platform":"optional","user_id":"optional","text":"required"}`. Response: `{"reply":"..."}`.
+
+---
+
+## 9. DingTalk: no response when sending messages
+
+Check in this order:
+
+1. **Client ID / Client Secret match the open platform exactly**  
+   Copy from “Credentials and basic info”; avoid typing. Watch **0** vs **o** and **1** vs **l** (e.g. `ding9gf9tiozuc504aer` has **504**, not 5o4).
+
+2. **Did you restart after saving?**  
+   The long-lived connection is created at **startup**. “Apply configuration” only updates the config file; you **must restart the CyberStrikeAI process** for the DingTalk connection to start.
+
+3. **Application logs**  
+   - On startup you should see: `钉钉 Stream 正在连接…`, `钉钉 Stream 已启动（无需公网），等待收消息`.  
+   - If you see `钉钉 Stream 长连接退出` with an error, it’s usually wrong **Client ID / Client Secret** or **Stream not enabled** in the open platform.  
+   - After sending a message in DingTalk, you should see `钉钉收到消息` in the logs; if not, the platform is not pushing to this app (check that the bot is enabled and **Stream mode** is selected).
+
+4. **Open platform**  
+   The app must be **published**. Under “Robot” you must enable **Stream** for receiving messages (HTTP callback only is not enough). Permission management must include robot receive/send message permissions.
+
+---
+
+## 10. Common pitfalls
+
+- **Wrong bot type**: The “Custom” bot added in a DingTalk **group** (Webhook + sign secret) **cannot** be used for two-way chat. Only the **enterprise internal app** bot from the open platform is supported.  
+- **Saved but not restarted**: After changing robot settings in CyberStrikeAI you **must restart** the app, or the long-lived connection will not be established.  
+- **Client ID typo**: If the platform shows `504`, use `504` (not `5o4`); prefer copy/paste.  
+- **DingTalk: only HTTP callback, no Stream**: This app receives messages via **Stream**. In the open platform, message reception must be **Stream mode**.  
+- **App not published**: After changing the bot or permissions in the open platform, **publish a new version** under “Version management and release”, or changes won’t apply.
+
+---
+
+## 11. Notes
+
+- DingTalk and Lark: **text messages only**; other types (e.g. image, voice) are not supported and may be ignored.  
+- Conversations are shared with the web UI: conversations created from the bot appear in the web “Conversations” list and vice versa.  
+- Bot execution uses the same logic as **`/api/agent-loop/stream`** (progress callbacks, process details stored in the DB); only the final reply is sent back to DingTalk/Lark in one message (no SSE to the client).

go.mod

@@ -7,8 +7,10 @@ toolchain go1.24.4
 require (
 	github.com/gin-gonic/gin v1.9.1
 	github.com/google/uuid v1.5.0
+	github.com/larksuite/oapi-sdk-go/v3 v3.4.22
 	github.com/mattn/go-sqlite3 v1.14.18
 	github.com/modelcontextprotocol/go-sdk v1.2.0
+	github.com/open-dingtalk/dingtalk-stream-sdk-go v0.9.1
 	github.com/pkoukk/tiktoken-go v0.1.8
 	go.uber.org/zap v1.26.0
 	gopkg.in/yaml.v3 v3.0.1
@@ -24,7 +26,9 @@ require (
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/go-playground/validator/v10 v10.14.0 // indirect
 	github.com/goccy/go-json v0.10.2 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/google/jsonschema-go v0.3.0 // indirect
+	github.com/gorilla/websocket v1.5.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/klauspost/cpuid/v2 v2.2.4 // indirect
 	github.com/leodido/go-urn v1.2.4 // indirect

go.sum

@@ -25,6 +25,8 @@ github.com/go-playground/validator/v10 v10.14.0 h1:vgvQWe3XCz3gIeFDm/HnTIbj6UGmg
 github.com/go-playground/validator/v10 v10.14.0/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU=
 github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
 github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
+github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
+github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang-jwt/jwt/v5 v5.2.2 h1:Rl4B7itRWVtYIHFrSNd7vhTiz9UpLdi6gZhZ3wEeDy8=
 github.com/golang-jwt/jwt/v5 v5.2.2/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
@@ -36,11 +38,17 @@ github.com/google/jsonschema-go v0.3.0 h1:6AH2TxVNtk3IlvkkhjrtbUc4S8AvO0Xii0DxIy
 github.com/google/jsonschema-go v0.3.0/go.mod h1:r5quNTdLOYEz95Ru18zA0ydNbBuYoo9tgaYcxEYhJVE=
 github.com/google/uuid v1.5.0 h1:1p67kYwdtXjb0gL0BPiP1Av9wiZPo5A8z2cWkTZ+eyU=
 github.com/google/uuid v1.5.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc=
+github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
+github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
+github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
 github.com/klauspost/cpuid/v2 v2.2.4 h1:acbojRNwl3o09bUq+yDCtZFc1aiwaAAxtcn8YkZXnvk=
 github.com/klauspost/cpuid/v2 v2.2.4/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY=
+github.com/larksuite/oapi-sdk-go/v3 v3.4.22 h1:57daKuslQPX9X3hC2idc5bu8bl2krfsBGWGJ6b5FlD8=
+github.com/larksuite/oapi-sdk-go/v3 v3.4.22/go.mod h1:ZEplY+kwuIrj/nqw5uSCINNATcH3KdxSN7y+UxYY5fI=
 github.com/leodido/go-urn v1.2.4 h1:XlAE/cm/ms7TE/VMVoduSpNBoyc2dOxHs5MZSwAN63Q=
 github.com/leodido/go-urn v1.2.4/go.mod h1:7ZrI8mTSeBSHl/UaRyKQW1qZeMgak41ANeCNaVckg+4=
 github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA=
@@ -54,6 +62,8 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/open-dingtalk/dingtalk-stream-sdk-go v0.9.1 h1:Lb/Uzkiw2Ugt2Xf03J5wmv81PdkYOiWbI8CNBi1boC8=
+github.com/open-dingtalk/dingtalk-stream-sdk-go v0.9.1/go.mod h1:ln3IqPYYocZbYvl9TAOrG/cxGR9xcn4pnZRLdCTEGEU=
 github.com/pelletier/go-toml/v2 v2.0.8 h1:0ctb6s9mE31h0/lhu+J6OPmVeDxJn+kYnJc2jZR9tGQ=
 github.com/pelletier/go-toml/v2 v2.0.8/go.mod h1:vuYfssBdrU2XDZ9bYydBu6t+6a6PYNcZljzZR9VXg+4=
 github.com/pkoukk/tiktoken-go v0.1.8 h1:85ENo+3FpWgAACBaEUVp+lctuTcYUO7BtmfhlN/QTRo=
@@ -77,6 +87,8 @@ github.com/ugorji/go/codec v1.2.11 h1:BMaWp1Bb6fHwEtbplGBGJ498wD+LKlNSl25MjdZY4d
 github.com/ugorji/go/codec v1.2.11/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
 github.com/yosida95/uritemplate/v3 v3.0.2 h1:Ed3Oyj9yrmi9087+NczuL5BwkIc4wvTb5zIM+UJPGz4=
 github.com/yosida95/uritemplate/v3 v3.0.2/go.mod h1:ILOh0sOhIJR3+L/8afwt/kE++YT040gmv5BQTMR2HP4=
+github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 go.uber.org/goleak v1.2.0 h1:xqgm/S+aQvhWFTtR0XK3Jvg7z8kGV8P4X14IzwN3Eqk=
 go.uber.org/goleak v1.2.0/go.mod h1:XJYK+MuIchqpmGmUSAzotztawfKvYLUIgg7guXrwVUo=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
@@ -86,21 +98,45 @@ go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so=
 golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
 golang.org/x/arch v0.3.0 h1:02VY4/ZcO/gBOH6PUaoiptASxtXU10jazRCP865E97k=
 golang.org/x/arch v0.3.0/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
 golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
+golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
 golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
 golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI=
 golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
 golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
 golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.34.0 h1:qIpSLOxeCYGg9TrcJokLBG4KFA6d795g0xkBkiESGlo=
 golang.org/x/tools v0.34.0/go.mod h1:pAP9OwEaY1CAW3HOmg3hLZC5Z0CCmzjAF2UQMSqNARg=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng=
 google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=

internal/app/app.go

@@ -7,6 +7,7 @@ import (
 	"net/http"
 	"os"
 	"path/filepath"
+	"sync"
 	"time"
 
 	"cyberstrike-ai/internal/agent"
@@ -14,6 +15,7 @@ import (
 	"cyberstrike-ai/internal/database"
 	"cyberstrike-ai/internal/handler"
 	"cyberstrike-ai/internal/knowledge"
+	"cyberstrike-ai/internal/robot"
 	"cyberstrike-ai/internal/logger"
 	"cyberstrike-ai/internal/mcp"
 	"cyberstrike-ai/internal/mcp/builtin"
@@ -43,6 +45,10 @@ type App struct {
 	knowledgeIndexer   *knowledge.Indexer        // 知识库索引器（用于动态初始化）
 	knowledgeHandler   *handler.KnowledgeHandler // 知识库处理器（用于动态初始化）
 	agentHandler       *handler.AgentHandler     // Agent处理器（用于更新知识库管理器）
+	robotHandler       *handler.RobotHandler     // 机器人处理器（钉钉/飞书/企业微信）
+	robotMu            sync.Mutex                 // 保护钉钉/飞书长连接的 cancel
+	dingCancel         context.CancelFunc        // 钉钉 Stream 取消函数，用于配置变更时重启
+	larkCancel         context.CancelFunc        // 飞书长连接取消函数，用于配置变更时重启
 }
 
 // New 创建新应用
@@ -325,6 +331,7 @@ func New(cfg *config.Config, log *logger.Logger) (*App, error) {
 
 	// 创建OpenAPI处理器
 	conversationHandler := handler.NewConversationHandler(db, log.Logger)
+	robotHandler := handler.NewRobotHandler(cfg, db, agentHandler, log.Logger)
 	openAPIHandler := handler.NewOpenAPIHandler(db, log.Logger, resultStorage, conversationHandler, agentHandler)
 
 	// 创建 App 实例（部分字段稍后填充）
@@ -344,7 +351,10 @@ func New(cfg *config.Config, log *logger.Logger) (*App, error) {
 		knowledgeIndexer:   knowledgeIndexer,
 		knowledgeHandler:   knowledgeHandler,
 		agentHandler:       agentHandler,
+		robotHandler:       robotHandler,
 	}
+	// 飞书/钉钉长连接（无需公网），启用时在后台启动；后续前端应用配置时会通过 RestartRobotConnections 重启
+	app.startRobotConnections()
 
 	// 设置漏洞工具注册器（内置工具，必须设置）
 	vulnerabilityRegistrar := func() error {
@@ -401,6 +411,9 @@ func New(cfg *config.Config, log *logger.Logger) (*App, error) {
 		configHandler.SetRetrieverUpdater(knowledgeRetriever)
 	}
 
+	// 设置机器人连接重启器，前端应用配置后无需重启服务即可使钉钉/飞书新配置生效
+	configHandler.SetRobotRestarter(app)
+
 	// 设置路由（使用 App 实例以便动态获取 handler）
 	setupRoutes(
 		router,
@@ -408,6 +421,7 @@ func New(cfg *config.Config, log *logger.Logger) (*App, error) {
 		agentHandler,
 		monitorHandler,
 		conversationHandler,
+		robotHandler,
 		groupHandler,
 		configHandler,
 		externalMCPHandler,
@@ -452,6 +466,18 @@ func (a *App) Run() error {
 
 // Shutdown 关闭应用
 func (a *App) Shutdown() {
+	// 停止钉钉/飞书长连接
+	a.robotMu.Lock()
+	if a.dingCancel != nil {
+		a.dingCancel()
+		a.dingCancel = nil
+	}
+	if a.larkCancel != nil {
+		a.larkCancel()
+		a.larkCancel = nil
+	}
+	a.robotMu.Unlock()
+
 	// 停止所有外部MCP客户端
 	if a.externalMCPMgr != nil {
 		a.externalMCPMgr.StopAll()
@@ -465,6 +491,40 @@ func (a *App) Shutdown() {
 	}
 }
 
+// startRobotConnections 根据当前配置启动钉钉/飞书长连接（不先关闭已有连接，仅用于首次启动）
+func (a *App) startRobotConnections() {
+	a.robotMu.Lock()
+	defer a.robotMu.Unlock()
+	cfg := a.config
+	if cfg.Robots.Lark.Enabled && cfg.Robots.Lark.AppID != "" && cfg.Robots.Lark.AppSecret != "" {
+		ctx, cancel := context.WithCancel(context.Background())
+		a.larkCancel = cancel
+		go robot.StartLark(ctx, cfg.Robots.Lark, a.robotHandler, a.logger.Logger)
+	}
+	if cfg.Robots.Dingtalk.Enabled && cfg.Robots.Dingtalk.ClientID != "" && cfg.Robots.Dingtalk.ClientSecret != "" {
+		ctx, cancel := context.WithCancel(context.Background())
+		a.dingCancel = cancel
+		go robot.StartDing(ctx, cfg.Robots.Dingtalk, a.robotHandler, a.logger.Logger)
+	}
+}
+
+// RestartRobotConnections 重启钉钉/飞书长连接，使前端应用配置后立即生效（实现 handler.RobotRestarter）
+func (a *App) RestartRobotConnections() {
+	a.robotMu.Lock()
+	if a.dingCancel != nil {
+		a.dingCancel()
+		a.dingCancel = nil
+	}
+	if a.larkCancel != nil {
+		a.larkCancel()
+		a.larkCancel = nil
+	}
+	a.robotMu.Unlock()
+	// 给旧 goroutine 一点时间退出
+	time.Sleep(200 * time.Millisecond)
+	a.startRobotConnections()
+}
+
 // setupRoutes 设置路由
 func setupRoutes(
 	router *gin.Engine,
@@ -472,6 +532,7 @@ func setupRoutes(
 	agentHandler *handler.AgentHandler,
 	monitorHandler *handler.MonitorHandler,
 	conversationHandler *handler.ConversationHandler,
+	robotHandler *handler.RobotHandler,
 	groupHandler *handler.GroupHandler,
 	configHandler *handler.ConfigHandler,
 	externalMCPHandler *handler.ExternalMCPHandler,
@@ -497,9 +558,18 @@ func setupRoutes(
 		authRoutes.GET("/validate", security.AuthMiddleware(authManager), authHandler.Validate)
 	}
 
+	// 机器人回调（无需登录，供企业微信/钉钉/飞书服务器调用）
+	api.GET("/robot/wecom", robotHandler.HandleWecomGET)
+	api.POST("/robot/wecom", robotHandler.HandleWecomPOST)
+	api.POST("/robot/dingtalk", robotHandler.HandleDingtalkPOST)
+	api.POST("/robot/lark", robotHandler.HandleLarkPOST)
+
 	protected := api.Group("")
 	protected.Use(security.AuthMiddleware(authManager))
 	{
+		// 机器人测试（需登录）：POST /api/robot/test，body: {"platform":"dingtalk","user_id":"test","text":"帮助"}，用于验证机器人逻辑
+		protected.POST("/robot/test", robotHandler.HandleRobotTest)
+
 		// Agent Loop
 		protected.POST("/agent-loop", agentHandler.AgentLoop)
 		// Agent Loop 流式输出

internal/config/config.go

@@ -25,11 +25,44 @@ type Config struct {
 	Auth        AuthConfig            `yaml:"auth"`
 	ExternalMCP ExternalMCPConfig     `yaml:"external_mcp,omitempty"`
 	Knowledge   KnowledgeConfig       `yaml:"knowledge,omitempty"`
+	Robots      RobotsConfig          `yaml:"robots,omitempty" json:"robots,omitempty"`         // 企业微信/钉钉/飞书等机器人配置
 	RolesDir    string                `yaml:"roles_dir,omitempty" json:"roles_dir,omitempty"`   // 角色配置文件目录（新方式）
 	Roles       map[string]RoleConfig `yaml:"roles,omitempty" json:"roles,omitempty"`           // 向后兼容：支持在主配置文件中定义角色
 	SkillsDir   string                `yaml:"skills_dir,omitempty" json:"skills_dir,omitempty"` // Skills配置文件目录
 }
 
+// RobotsConfig 机器人配置（企业微信、钉钉、飞书等）
+type RobotsConfig struct {
+	Wecom   RobotWecomConfig   `yaml:"wecom,omitempty" json:"wecom,omitempty"`     // 企业微信
+	Dingtalk RobotDingtalkConfig `yaml:"dingtalk,omitempty" json:"dingtalk,omitempty"` // 钉钉
+	Lark    RobotLarkConfig    `yaml:"lark,omitempty" json:"lark,omitempty"`     // 飞书
+}
+
+// RobotWecomConfig 企业微信机器人配置
+type RobotWecomConfig struct {
+	Enabled       bool   `yaml:"enabled" json:"enabled"`
+	Token         string `yaml:"token" json:"token"`                     // 回调 URL 校验 Token
+	EncodingAESKey string `yaml:"encoding_aes_key" json:"encoding_aes_key"` // EncodingAESKey
+	CorpID        string `yaml:"corp_id" json:"corp_id"`               // 企业 ID
+	Secret        string `yaml:"secret" json:"secret"`                  // 应用 Secret
+	AgentID       int64  `yaml:"agent_id" json:"agent_id"`              // 应用 AgentId
+}
+
+// RobotDingtalkConfig 钉钉机器人配置
+type RobotDingtalkConfig struct {
+	Enabled      bool   `yaml:"enabled" json:"enabled"`
+	ClientID     string `yaml:"client_id" json:"client_id"`         // 应用 Key (AppKey)
+	ClientSecret string `yaml:"client_secret" json:"client_secret"` // 应用 Secret
+}
+
+// RobotLarkConfig 飞书机器人配置
+type RobotLarkConfig struct {
+	Enabled   bool   `yaml:"enabled" json:"enabled"`
+	AppID     string `yaml:"app_id" json:"app_id"`         // 应用 App ID
+	AppSecret string `yaml:"app_secret" json:"app_secret"` // 应用 App Secret
+	VerifyToken string `yaml:"verify_token" json:"verify_token"` // 事件订阅 Verification Token（可选）
+}
+
 type ServerConfig struct {
 	Host string `yaml:"host"`
 	Port int    `yaml:"port"`

internal/handler/agent.go

@@ -259,6 +259,96 @@ func (h *AgentHandler) AgentLoop(c *gin.Context) {
 	})
 }
 
+// ProcessMessageForRobot 供机器人（企业微信/钉钉/飞书）调用：与 /api/agent-loop/stream 相同执行路径（含 progressCallback、过程详情），仅不发送 SSE，最后返回完整回复
+func (h *AgentHandler) ProcessMessageForRobot(ctx context.Context, conversationID, message, role string) (response string, convID string, err error) {
+	if conversationID == "" {
+		title := safeTruncateString(message, 50)
+		conv, createErr := h.db.CreateConversation(title)
+		if createErr != nil {
+			return "", "", fmt.Errorf("创建对话失败: %w", createErr)
+		}
+		conversationID = conv.ID
+	} else {
+		if _, getErr := h.db.GetConversation(conversationID); getErr != nil {
+			return "", "", fmt.Errorf("对话不存在")
+		}
+	}
+
+	agentHistoryMessages, err := h.loadHistoryFromReActData(conversationID)
+	if err != nil {
+		historyMessages, getErr := h.db.GetMessages(conversationID)
+		if getErr != nil {
+			agentHistoryMessages = []agent.ChatMessage{}
+		} else {
+			agentHistoryMessages = make([]agent.ChatMessage, 0, len(historyMessages))
+			for _, msg := range historyMessages {
+				agentHistoryMessages = append(agentHistoryMessages, agent.ChatMessage{Role: msg.Role, Content: msg.Content})
+			}
+		}
+	}
+
+	finalMessage := message
+	var roleTools, roleSkills []string
+	if role != "" && role != "默认" && h.config.Roles != nil {
+		if r, exists := h.config.Roles[role]; exists && r.Enabled {
+			if r.UserPrompt != "" {
+				finalMessage = r.UserPrompt + "\n\n" + message
+			}
+			roleTools = r.Tools
+			roleSkills = r.Skills
+		}
+	}
+
+	if _, err = h.db.AddMessage(conversationID, "user", message, nil); err != nil {
+		return "", "", fmt.Errorf("保存用户消息失败: %w", err)
+	}
+
+	// 与 agent-loop/stream 一致：先创建助手消息占位，用 progressCallback 写过程详情（不发送 SSE）
+	assistantMsg, err := h.db.AddMessage(conversationID, "assistant", "处理中...", nil)
+	if err != nil {
+		h.logger.Warn("机器人：创建助手消息占位失败", zap.Error(err))
+	}
+	var assistantMessageID string
+	if assistantMsg != nil {
+		assistantMessageID = assistantMsg.ID
+	}
+	progressCallback := h.createProgressCallback(conversationID, assistantMessageID, nil)
+
+	result, err := h.agent.AgentLoopWithProgress(ctx, finalMessage, agentHistoryMessages, conversationID, progressCallback, roleTools, roleSkills)
+	if err != nil {
+		errMsg := "执行失败: " + err.Error()
+		if assistantMessageID != "" {
+			_, _ = h.db.Exec("UPDATE messages SET content = ? WHERE id = ?", errMsg, assistantMessageID)
+			_ = h.db.AddProcessDetail(assistantMessageID, conversationID, "error", errMsg, nil)
+		}
+		return "", conversationID, err
+	}
+
+	// 更新助手消息内容与 MCP 执行 ID（与 stream 一致）
+	if assistantMessageID != "" {
+		mcpIDsJSON := ""
+		if len(result.MCPExecutionIDs) > 0 {
+			jsonData, _ := json.Marshal(result.MCPExecutionIDs)
+			mcpIDsJSON = string(jsonData)
+		}
+		_, err = h.db.Exec(
+			"UPDATE messages SET content = ?, mcp_execution_ids = ? WHERE id = ?",
+			result.Response, mcpIDsJSON, assistantMessageID,
+		)
+		if err != nil {
+			h.logger.Warn("机器人：更新助手消息失败", zap.Error(err))
+		}
+	} else {
+		if _, err = h.db.AddMessage(conversationID, "assistant", result.Response, result.MCPExecutionIDs); err != nil {
+			h.logger.Warn("机器人：保存助手消息失败", zap.Error(err))
+		}
+	}
+	if result.LastReActInput != "" || result.LastReActOutput != "" {
+		_ = h.db.SaveReActData(conversationID, result.LastReActInput, result.LastReActOutput)
+	}
+	return result.Response, conversationID, nil
+}
+
 // StreamEvent 流式事件
 type StreamEvent struct {
 	Type    string      `json:"type"`    // conversation, progress, tool_call, tool_result, response, error, cancelled, done

internal/handler/config.go

@@ -44,6 +44,11 @@ type AppUpdater interface {
 	UpdateKnowledgeComponents(handler *KnowledgeHandler, manager interface{}, retriever interface{}, indexer interface{})
 }
 
+// RobotRestarter 机器人连接重启器（用于配置应用后重启钉钉/飞书长连接）
+type RobotRestarter interface {
+	RestartRobotConnections()
+}
+
 // ConfigHandler 配置处理器
 type ConfigHandler struct {
 	configPath                 string
@@ -59,6 +64,7 @@ type ConfigHandler struct {
 	retrieverUpdater           RetrieverUpdater           // 检索器更新器（可选）
 	knowledgeInitializer       KnowledgeInitializer       // 知识库初始化器（可选）
 	appUpdater                 AppUpdater                 // App更新器（可选）
+	robotRestarter             RobotRestarter             // 机器人连接重启器（可选），ApplyConfig 时重启钉钉/飞书
 	logger                     *zap.Logger
 	mu                         sync.RWMutex
 	lastEmbeddingConfig        *config.EmbeddingConfig // 上一次的嵌入模型配置（用于检测变更）
@@ -142,6 +148,13 @@ func (h *ConfigHandler) SetAppUpdater(updater AppUpdater) {
 	h.appUpdater = updater
 }
 
+// SetRobotRestarter 设置机器人连接重启器（ApplyConfig 时用于重启钉钉/飞书长连接）
+func (h *ConfigHandler) SetRobotRestarter(restarter RobotRestarter) {
+	h.mu.Lock()
+	defer h.mu.Unlock()
+	h.robotRestarter = restarter
+}
+
 // GetConfigResponse 获取配置响应
 type GetConfigResponse struct {
 	OpenAI    config.OpenAIConfig    `json:"openai"`
@@ -150,6 +163,7 @@ type GetConfigResponse struct {
 	Tools     []ToolConfigInfo       `json:"tools"`
 	Agent     config.AgentConfig     `json:"agent"`
 	Knowledge config.KnowledgeConfig `json:"knowledge"`
+	Robots    config.RobotsConfig     `json:"robots,omitempty"`
 }
 
 // ToolConfigInfo 工具配置信息
@@ -222,6 +236,7 @@ func (h *ConfigHandler) GetConfig(c *gin.Context) {
 		Tools:     tools,
 		Agent:     h.config.Agent,
 		Knowledge: h.config.Knowledge,
+		Robots:    h.config.Robots,
 	})
 }
 
@@ -479,6 +494,7 @@ type UpdateConfigRequest struct {
 	Tools     []ToolEnableStatus      `json:"tools,omitempty"`
 	Agent     *config.AgentConfig     `json:"agent,omitempty"`
 	Knowledge *config.KnowledgeConfig `json:"knowledge,omitempty"`
+	Robots    *config.RobotsConfig    `json:"robots,omitempty"`
 }
 
 // ToolEnableStatus 工具启用状态
@@ -555,6 +571,16 @@ func (h *ConfigHandler) UpdateConfig(c *gin.Context) {
 		)
 	}
 
+	// 更新机器人配置
+	if req.Robots != nil {
+		h.config.Robots = *req.Robots
+		h.logger.Info("更新机器人配置",
+			zap.Bool("wecom_enabled", h.config.Robots.Wecom.Enabled),
+			zap.Bool("dingtalk_enabled", h.config.Robots.Dingtalk.Enabled),
+			zap.Bool("lark_enabled", h.config.Robots.Lark.Enabled),
+		)
+	}
+
 	// 更新工具启用状态
 	if req.Tools != nil {
 		// 分离内部工具和外部工具
@@ -824,6 +850,12 @@ func (h *ConfigHandler) ApplyConfig(c *gin.Context) {
 		}
 	}
 
+	// 重启钉钉/飞书长连接，使前端修改的机器人配置立即生效（无需重启服务）
+	if h.robotRestarter != nil {
+		h.robotRestarter.RestartRobotConnections()
+		h.logger.Info("已触发机器人连接重启（钉钉/飞书）")
+	}
+
 	h.logger.Info("配置已应用",
 		zap.Int("tools_count", len(h.config.Security.Tools)),
 	)
@@ -856,6 +888,7 @@ func (h *ConfigHandler) saveConfig() error {
 	updateOpenAIConfig(root, h.config.OpenAI)
 	updateFOFAConfig(root, h.config.FOFA)
 	updateKnowledgeConfig(root, h.config.Knowledge)
+	updateRobotsConfig(root, h.config.Robots)
 	// 更新外部MCP配置（使用external_mcp.go中的函数，同一包中可直接调用）
 	// 读取原始配置以保持向后兼容
 	originalConfigs := make(map[string]map[string]bool)
@@ -1031,6 +1064,30 @@ func updateKnowledgeConfig(doc *yaml.Node, cfg config.KnowledgeConfig) {
 	setFloatInMap(retrievalNode, "hybrid_weight", cfg.Retrieval.HybridWeight)
 }
 
+func updateRobotsConfig(doc *yaml.Node, cfg config.RobotsConfig) {
+	root := doc.Content[0]
+	robotsNode := ensureMap(root, "robots")
+
+	wecomNode := ensureMap(robotsNode, "wecom")
+	setBoolInMap(wecomNode, "enabled", cfg.Wecom.Enabled)
+	setStringInMap(wecomNode, "token", cfg.Wecom.Token)
+	setStringInMap(wecomNode, "encoding_aes_key", cfg.Wecom.EncodingAESKey)
+	setStringInMap(wecomNode, "corp_id", cfg.Wecom.CorpID)
+	setStringInMap(wecomNode, "secret", cfg.Wecom.Secret)
+	setIntInMap(wecomNode, "agent_id", int(cfg.Wecom.AgentID))
+
+	dingtalkNode := ensureMap(robotsNode, "dingtalk")
+	setBoolInMap(dingtalkNode, "enabled", cfg.Dingtalk.Enabled)
+	setStringInMap(dingtalkNode, "client_id", cfg.Dingtalk.ClientID)
+	setStringInMap(dingtalkNode, "client_secret", cfg.Dingtalk.ClientSecret)
+
+	larkNode := ensureMap(robotsNode, "lark")
+	setBoolInMap(larkNode, "enabled", cfg.Lark.Enabled)
+	setStringInMap(larkNode, "app_id", cfg.Lark.AppID)
+	setStringInMap(larkNode, "app_secret", cfg.Lark.AppSecret)
+	setStringInMap(larkNode, "verify_token", cfg.Lark.VerifyToken)
+}
+
 func ensureMap(parent *yaml.Node, path ...string) *yaml.Node {
 	current := parent
 	for _, key := range path {

internal/handler/robot.go

@@ -0,0 +1,401 @@
+package handler
+
+import (
+	"context"
+	"crypto/aes"
+	"crypto/cipher"
+	"encoding/base64"
+	"encoding/binary"
+	"encoding/xml"
+	"fmt"
+	"io"
+	"net/http"
+	"strings"
+	"sync"
+	"time"
+
+	"cyberstrike-ai/internal/config"
+	"cyberstrike-ai/internal/database"
+
+	"github.com/gin-gonic/gin"
+	"go.uber.org/zap"
+)
+
+const (
+	robotCmdHelp    = "帮助"
+	robotCmdList    = "列表"
+	robotCmdListAlt = "对话列表"
+	robotCmdSwitch  = "切换"
+	robotCmdContinue = "继续"
+	robotCmdNew     = "新对话"
+	robotCmdClear   = "清空"
+	robotCmdCurrent = "当前"
+)
+
+// RobotHandler 企业微信/钉钉/飞书等机器人回调处理
+type RobotHandler struct {
+	config       *config.Config
+	db           *database.DB
+	agentHandler *AgentHandler
+	logger       *zap.Logger
+	mu           sync.RWMutex
+	sessions     map[string]string // key: "platform_userID", value: conversationID
+}
+
+// NewRobotHandler 创建机器人处理器
+func NewRobotHandler(cfg *config.Config, db *database.DB, agentHandler *AgentHandler, logger *zap.Logger) *RobotHandler {
+	return &RobotHandler{
+		config:       cfg,
+		db:           db,
+		agentHandler: agentHandler,
+		logger:       logger,
+		sessions:     make(map[string]string),
+	}
+}
+
+// sessionKey 生成会话 key
+func (h *RobotHandler) sessionKey(platform, userID string) string {
+	return platform + "_" + userID
+}
+
+// getOrCreateConversation 获取或创建当前会话
+func (h *RobotHandler) getOrCreateConversation(platform, userID string) (convID string, isNew bool) {
+	h.mu.RLock()
+	convID = h.sessions[h.sessionKey(platform, userID)]
+	h.mu.RUnlock()
+	if convID != "" {
+		return convID, false
+	}
+	conv, err := h.db.CreateConversation("机器人对话")
+	if err != nil {
+		h.logger.Warn("创建机器人会话失败", zap.Error(err))
+		return "", false
+	}
+	convID = conv.ID
+	h.mu.Lock()
+	h.sessions[h.sessionKey(platform, userID)] = convID
+	h.mu.Unlock()
+	return convID, true
+}
+
+// setConversation 切换当前会话
+func (h *RobotHandler) setConversation(platform, userID, convID string) {
+	h.mu.Lock()
+	h.sessions[h.sessionKey(platform, userID)] = convID
+	h.mu.Unlock()
+}
+
+// clearConversation 清空当前会话（切换到新对话）
+func (h *RobotHandler) clearConversation(platform, userID string) (newConvID string) {
+	conv, err := h.db.CreateConversation("新对话")
+	if err != nil {
+		h.logger.Warn("创建新对话失败", zap.Error(err))
+		return ""
+	}
+	h.setConversation(platform, userID, conv.ID)
+	return conv.ID
+}
+
+// HandleMessage 处理用户输入，返回回复文本（供各平台 webhook 调用）
+func (h *RobotHandler) HandleMessage(platform, userID, text string) (reply string) {
+	text = strings.TrimSpace(text)
+	if text == "" {
+		return "请输入内容或发送「帮助」查看命令。"
+	}
+
+	// 命令分发
+	switch {
+	case text == robotCmdHelp || text == "help" || text == "？" || text == "?":
+		return h.cmdHelp()
+	case text == robotCmdList || text == robotCmdListAlt:
+		return h.cmdList(userID)
+	case strings.HasPrefix(text, robotCmdSwitch+" ") || strings.HasPrefix(text, robotCmdContinue+" "):
+		var id string
+		if strings.HasPrefix(text, robotCmdSwitch+" ") {
+			id = strings.TrimSpace(text[len(robotCmdSwitch)+1:])
+		} else {
+			id = strings.TrimSpace(text[len(robotCmdContinue)+1:])
+		}
+		return h.cmdSwitch(platform, userID, id)
+	case text == robotCmdNew:
+		return h.cmdNew(platform, userID)
+	case text == robotCmdClear:
+		return h.cmdClear(platform, userID)
+	case text == robotCmdCurrent:
+		return h.cmdCurrent(platform, userID)
+	}
+
+	// 普通消息：走 Agent
+	convID, _ := h.getOrCreateConversation(platform, userID)
+	if convID == "" {
+		return "无法创建或获取对话，请稍后再试。"
+	}
+	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute)
+	defer cancel()
+	resp, newConvID, err := h.agentHandler.ProcessMessageForRobot(ctx, convID, text, "默认")
+	if err != nil {
+		h.logger.Warn("机器人 Agent 执行失败", zap.String("platform", platform), zap.String("userID", userID), zap.Error(err))
+		return "处理失败: " + err.Error()
+	}
+	if newConvID != convID {
+		h.setConversation(platform, userID, newConvID)
+	}
+	return resp
+}
+
+func (h *RobotHandler) cmdHelp() string {
+	return `【CyberStrikeAI 机器人命令】
+· 帮助 — 显示本帮助
+· 列表 / 对话列表 — 列出所有对话标题与 ID
+· 切换 <对话ID> / 继续 <对话ID> — 指定对话继续
+· 新对话 — 开启新对话
+· 清空 — 清空当前上下文（等同于新对话）
+· 当前 — 显示当前对话 ID 与标题
+除以上命令外，直接输入内容将发送给 AI 进行渗透测试/安全分析。`
+}
+
+func (h *RobotHandler) cmdList(userID string) string {
+	convs, err := h.db.ListConversations(50, 0, "")
+	if err != nil {
+		return "获取对话列表失败: " + err.Error()
+	}
+	if len(convs) == 0 {
+		return "暂无对话。发送任意内容将自动创建新对话。"
+	}
+	var b strings.Builder
+	b.WriteString("【对话列表】\n")
+	for i, c := range convs {
+		if i >= 20 {
+			b.WriteString("… 仅显示前 20 条\n")
+			break
+		}
+		b.WriteString(fmt.Sprintf("· %s\n  ID: %s\n", c.Title, c.ID))
+	}
+	return strings.TrimSuffix(b.String(), "\n")
+}
+
+func (h *RobotHandler) cmdSwitch(platform, userID, convID string) string {
+	if convID == "" {
+		return "请指定对话 ID，例如：切换 xxx-xxx-xxx"
+	}
+	conv, err := h.db.GetConversation(convID)
+	if err != nil {
+		return "对话不存在或 ID 错误。"
+	}
+	h.setConversation(platform, userID, conv.ID)
+	return fmt.Sprintf("已切换到对话：「%s」\nID: %s", conv.Title, conv.ID)
+}
+
+func (h *RobotHandler) cmdNew(platform, userID string) string {
+	newID := h.clearConversation(platform, userID)
+	if newID == "" {
+		return "创建新对话失败，请重试。"
+	}
+	return "已开启新对话，可直接发送内容。"
+}
+
+func (h *RobotHandler) cmdClear(platform, userID string) string {
+	return h.cmdNew(platform, userID)
+}
+
+func (h *RobotHandler) cmdCurrent(platform, userID string) string {
+	h.mu.RLock()
+	convID := h.sessions[h.sessionKey(platform, userID)]
+	h.mu.RUnlock()
+	if convID == "" {
+		return "当前没有进行中的对话。发送任意内容将创建新对话。"
+	}
+	conv, err := h.db.GetConversation(convID)
+	if err != nil {
+		return "当前对话 ID: " + convID + "（获取标题失败）"
+	}
+	return fmt.Sprintf("当前对话：「%s」\nID: %s", conv.Title, conv.ID)
+}
+
+// —————— 企业微信 ——————
+
+// wecomXML 企业微信回调 XML（明文模式下的简化结构；加密模式需先解密再解析）
+type wecomXML struct {
+	ToUserName   string `xml:"ToUserName"`
+	FromUserName string `xml:"FromUserName"`
+	CreateTime   int64  `xml:"CreateTime"`
+	MsgType      string `xml:"MsgType"`
+	Content      string `xml:"Content"`
+	MsgID        string `xml:"MsgId"`
+	AgentID      int64  `xml:"AgentID"`
+	Encrypt      string `xml:"Encrypt"` // 加密模式下消息在此
+}
+
+// wecomReplyXML 被动回复 XML
+type wecomReplyXML struct {
+	XMLName      xml.Name `xml:"xml"`
+	ToUserName   string   `xml:"ToUserName"`
+	FromUserName string  `xml:"FromUserName"`
+	CreateTime   int64   `xml:"CreateTime"`
+	MsgType      string  `xml:"MsgType"`
+	Content      string  `xml:"Content"`
+}
+
+// HandleWecomGET 企业微信 URL 校验（GET）
+func (h *RobotHandler) HandleWecomGET(c *gin.Context) {
+	if !h.config.Robots.Wecom.Enabled {
+		c.String(http.StatusNotFound, "")
+		return
+	}
+	echostr := c.Query("echostr")
+	if echostr == "" {
+		c.String(http.StatusBadRequest, "missing echostr")
+		return
+	}
+	// 明文模式时企业微信可能直接传 echostr，先直接返回以通过校验
+	c.String(http.StatusOK, echostr)
+}
+
+// wecomDecrypt 企业微信消息解密（AES-256-CBC，PKCS7，明文格式：16字节随机+4字节长度+消息+corpID）
+func wecomDecrypt(encodingAESKey, encryptedB64 string) ([]byte, error) {
+	key, err := base64.StdEncoding.DecodeString(encodingAESKey + "=")
+	if err != nil {
+		return nil, err
+	}
+	if len(key) != 32 {
+		return nil, fmt.Errorf("encoding_aes_key 解码后应为 32 字节")
+	}
+	ciphertext, err := base64.StdEncoding.DecodeString(encryptedB64)
+	if err != nil {
+		return nil, err
+	}
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return nil, err
+	}
+	iv := key[:16]
+	mode := cipher.NewCBCDecrypter(block, iv)
+	if len(ciphertext)%aes.BlockSize != 0 {
+		return nil, fmt.Errorf("密文长度不是块大小的倍数")
+	}
+	plain := make([]byte, len(ciphertext))
+	mode.CryptBlocks(plain, ciphertext)
+	// 去除 PKCS7 填充
+	n := int(plain[len(plain)-1])
+	if n < 1 || n > 32 {
+		return nil, fmt.Errorf("无效的 PKCS7 填充")
+	}
+	plain = plain[:len(plain)-n]
+	// 企业微信格式：16 字节随机 + 4 字节长度(大端) + 消息 + corpID
+	if len(plain) < 20 {
+		return nil, fmt.Errorf("明文过短")
+	}
+	msgLen := binary.BigEndian.Uint32(plain[16:20])
+	if int(20+msgLen) > len(plain) {
+		return nil, fmt.Errorf("消息长度越界")
+	}
+	return plain[20 : 20+msgLen], nil
+}
+
+// HandleWecomPOST 企业微信消息回调（POST），支持明文与加密模式
+func (h *RobotHandler) HandleWecomPOST(c *gin.Context) {
+	if !h.config.Robots.Wecom.Enabled {
+		c.String(http.StatusOK, "")
+		return
+	}
+	bodyRaw, _ := io.ReadAll(c.Request.Body)
+	var body wecomXML
+	if err := xml.Unmarshal(bodyRaw, &body); err != nil {
+		h.logger.Debug("企业微信 POST 解析 XML 失败", zap.Error(err))
+		c.String(http.StatusOK, "")
+		return
+	}
+	// 加密模式：先解密再解析内层 XML
+	if body.Encrypt != "" && h.config.Robots.Wecom.EncodingAESKey != "" {
+		decrypted, err := wecomDecrypt(h.config.Robots.Wecom.EncodingAESKey, body.Encrypt)
+		if err != nil {
+			h.logger.Warn("企业微信消息解密失败", zap.Error(err))
+			c.String(http.StatusOK, "")
+			return
+		}
+		if err := xml.Unmarshal(decrypted, &body); err != nil {
+			h.logger.Warn("企业微信解密后 XML 解析失败", zap.Error(err))
+			c.String(http.StatusOK, "")
+			return
+		}
+	}
+	if body.MsgType != "text" {
+		c.XML(http.StatusOK, wecomReplyXML{
+			ToUserName:   body.FromUserName,
+			FromUserName: body.ToUserName,
+			CreateTime:  time.Now().Unix(),
+			MsgType:     "text",
+			Content:     "暂仅支持文本消息，请发送文字。",
+		})
+		return
+	}
+	userID := body.FromUserName
+	text := strings.TrimSpace(body.Content)
+	reply := h.HandleMessage("wecom", userID, text)
+	// 加密模式需加密回复（此处简化为明文回复；若企业要求加密需再实现加密）
+	c.XML(http.StatusOK, wecomReplyXML{
+		ToUserName:   body.FromUserName,
+		FromUserName: body.ToUserName,
+		CreateTime:  time.Now().Unix(),
+		MsgType:     "text",
+		Content:     reply,
+	})
+}
+
+// —————— 测试接口（需登录，用于验证机器人逻辑，无需钉钉/飞书客户端） ——————
+
+// RobotTestRequest 模拟机器人消息请求
+type RobotTestRequest struct {
+	Platform string `json:"platform"` // 如 "dingtalk"、"lark"、"wecom"
+	UserID   string `json:"user_id"`
+	Text     string `json:"text"`
+}
+
+// HandleRobotTest 供本地验证：POST JSON { "platform", "user_id", "text" }，返回 { "reply": "..." }
+func (h *RobotHandler) HandleRobotTest(c *gin.Context) {
+	var req RobotTestRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "请求体需为 JSON，包含 platform、user_id、text"})
+		return
+	}
+	platform := strings.TrimSpace(req.Platform)
+	if platform == "" {
+		platform = "test"
+	}
+	userID := strings.TrimSpace(req.UserID)
+	if userID == "" {
+		userID = "test_user"
+	}
+	reply := h.HandleMessage(platform, userID, req.Text)
+	c.JSON(http.StatusOK, gin.H{"reply": reply})
+}
+
+// —————— 钉钉 ——————
+
+// HandleDingtalkPOST 钉钉事件回调（流式接入等）；当前为占位，返回 200
+func (h *RobotHandler) HandleDingtalkPOST(c *gin.Context) {
+	if !h.config.Robots.Dingtalk.Enabled {
+		c.JSON(http.StatusOK, gin.H{})
+		return
+	}
+	// 钉钉流式/事件回调格式需按官方文档解析并异步回复，此处仅返回 200
+	c.JSON(http.StatusOK, gin.H{"message": "ok"})
+}
+
+// —————— 飞书 ——————
+
+// HandleLarkPOST 飞书事件回调；当前为占位，返回 200；验证时需返回 challenge
+func (h *RobotHandler) HandleLarkPOST(c *gin.Context) {
+	if !h.config.Robots.Lark.Enabled {
+		c.JSON(http.StatusOK, gin.H{})
+		return
+	}
+	var body struct {
+		Challenge string `json:"challenge"`
+	}
+	if err := c.ShouldBindJSON(&body); err == nil && body.Challenge != "" {
+		c.JSON(http.StatusOK, gin.H{"challenge": body.Challenge})
+		return
+	}
+	c.JSON(http.StatusOK, gin.H{})
+}

internal/robot/conn.go

@@ -0,0 +1,6 @@
+package robot
+
+// MessageHandler 供飞书/钉钉长连接调用的消息处理接口（由 handler.RobotHandler 实现）
+type MessageHandler interface {
+	HandleMessage(platform, userID, text string) string
+}

internal/robot/ding.go

@@ -0,0 +1,98 @@
+package robot
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"net/http"
+	"strings"
+
+	"cyberstrike-ai/internal/config"
+
+	"github.com/open-dingtalk/dingtalk-stream-sdk-go/chatbot"
+	"github.com/open-dingtalk/dingtalk-stream-sdk-go/client"
+	dingutils "github.com/open-dingtalk/dingtalk-stream-sdk-go/utils"
+	"go.uber.org/zap"
+)
+
+// StartDing 启动钉钉 Stream 长连接（无需公网），收到消息后调用 handler 并通过 SessionWebhook 回复。
+// ctx 被取消时长连接会退出，便于配置变更时重启。
+func StartDing(ctx context.Context, cfg config.RobotDingtalkConfig, h MessageHandler, logger *zap.Logger) {
+	if !cfg.Enabled || cfg.ClientID == "" || cfg.ClientSecret == "" {
+		return
+	}
+	streamClient := client.NewStreamClient(
+		client.WithAppCredential(client.NewAppCredentialConfig(cfg.ClientID, cfg.ClientSecret)),
+		client.WithSubscription(dingutils.SubscriptionTypeKCallback, "/v1.0/im/bot/messages/get",
+			chatbot.NewDefaultChatBotFrameHandler(func(ctx context.Context, msg *chatbot.BotCallbackDataModel) ([]byte, error) {
+				go handleDingMessage(ctx, msg, h, logger)
+				return nil, nil
+			}).OnEventReceived),
+	)
+	logger.Info("钉钉 Stream 正在连接…", zap.String("client_id", cfg.ClientID))
+	go func() {
+		err := streamClient.Start(ctx)
+		if err != nil && ctx.Err() == nil {
+			logger.Error("钉钉 Stream 长连接退出", zap.Error(err))
+		} else if ctx.Err() != nil {
+			logger.Info("钉钉 Stream 已按配置重启关闭")
+		}
+	}()
+	logger.Info("钉钉 Stream 已启动（无需公网），等待收消息", zap.String("client_id", cfg.ClientID))
+}
+
+func handleDingMessage(ctx context.Context, msg *chatbot.BotCallbackDataModel, h MessageHandler, logger *zap.Logger) {
+	if msg == nil || msg.SessionWebhook == "" {
+		return
+	}
+	content := ""
+	if msg.Text.Content != "" {
+		content = strings.TrimSpace(msg.Text.Content)
+	}
+	if content == "" && msg.Msgtype == "richText" {
+		if cMap, ok := msg.Content.(map[string]interface{}); ok {
+			if rich, ok := cMap["richText"].([]interface{}); ok {
+				for _, c := range rich {
+					if m, ok := c.(map[string]interface{}); ok {
+						if txt, ok := m["text"].(string); ok {
+							content = strings.TrimSpace(txt)
+							break
+						}
+					}
+				}
+			}
+		}
+	}
+	if content == "" {
+		logger.Debug("钉钉消息内容为空，已忽略", zap.String("msgtype", msg.Msgtype))
+		return
+	}
+	logger.Info("钉钉收到消息", zap.String("sender", msg.SenderId), zap.String("content", content))
+	userID := msg.SenderId
+	if userID == "" {
+		userID = msg.ConversationId
+	}
+	reply := h.HandleMessage("dingtalk", userID, content)
+	body := map[string]interface{}{
+		"msgtype": "text",
+		"text":    map[string]string{"content": reply},
+	}
+	bodyBytes, _ := json.Marshal(body)
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost, msg.SessionWebhook, bytes.NewReader(bodyBytes))
+	if err != nil {
+		logger.Warn("钉钉构造回复请求失败", zap.Error(err))
+		return
+	}
+	req.Header.Set("Content-Type", "application/json")
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		logger.Warn("钉钉回复请求失败", zap.Error(err))
+		return
+	}
+	defer resp.Body.Close()
+	if resp.StatusCode != http.StatusOK {
+		logger.Warn("钉钉回复非 200", zap.Int("status", resp.StatusCode))
+		return
+	}
+	logger.Debug("钉钉回复成功", zap.String("content_preview", reply))
+}

internal/robot/lark.go

@@ -0,0 +1,86 @@
+package robot
+
+import (
+	"context"
+	"encoding/json"
+	"strings"
+
+	"cyberstrike-ai/internal/config"
+
+	larkcore "github.com/larksuite/oapi-sdk-go/v3/core"
+	"github.com/larksuite/oapi-sdk-go/v3/event/dispatcher"
+	larkim "github.com/larksuite/oapi-sdk-go/v3/service/im/v1"
+	lark "github.com/larksuite/oapi-sdk-go/v3"
+	larkws "github.com/larksuite/oapi-sdk-go/v3/ws"
+	"go.uber.org/zap"
+)
+
+type larkTextContent struct {
+	Text string `json:"text"`
+}
+
+// StartLark 启动飞书长连接（无需公网），收到消息后调用 handler 并回复。
+// ctx 被取消时长连接会退出，便于配置变更时重启。
+func StartLark(ctx context.Context, cfg config.RobotLarkConfig, h MessageHandler, logger *zap.Logger) {
+	if !cfg.Enabled || cfg.AppID == "" || cfg.AppSecret == "" {
+		return
+	}
+	larkClient := lark.NewClient(cfg.AppID, cfg.AppSecret)
+	eventHandler := dispatcher.NewEventDispatcher("", "").OnP2MessageReceiveV1(func(ctx context.Context, event *larkim.P2MessageReceiveV1) error {
+		go handleLarkMessage(ctx, event, h, larkClient, logger)
+		return nil
+	})
+	wsClient := larkws.NewClient(cfg.AppID, cfg.AppSecret,
+		larkws.WithEventHandler(eventHandler),
+		larkws.WithLogLevel(larkcore.LogLevelInfo),
+	)
+	go func() {
+		err := wsClient.Start(ctx)
+		if err != nil && ctx.Err() == nil {
+			logger.Error("飞书长连接退出", zap.Error(err))
+		} else if ctx.Err() != nil {
+			logger.Info("飞书长连接已按配置重启关闭")
+		}
+	}()
+	logger.Info("飞书长连接已启动（无需公网）", zap.String("app_id", cfg.AppID))
+}
+
+func handleLarkMessage(ctx context.Context, event *larkim.P2MessageReceiveV1, h MessageHandler, client *lark.Client, logger *zap.Logger) {
+	if event == nil || event.Event == nil || event.Event.Message == nil || event.Event.Sender == nil || event.Event.Sender.SenderId == nil {
+		return
+	}
+	msg := event.Event.Message
+	msgType := larkcore.StringValue(msg.MessageType)
+	if msgType != larkim.MsgTypeText {
+		logger.Debug("飞书暂仅处理文本消息", zap.String("msg_type", msgType))
+		return
+	}
+	var textBody larkTextContent
+	if err := json.Unmarshal([]byte(larkcore.StringValue(msg.Content)), &textBody); err != nil {
+		logger.Warn("飞书消息 Content 解析失败", zap.Error(err))
+		return
+	}
+	text := strings.TrimSpace(textBody.Text)
+	if text == "" {
+		return
+	}
+	userID := ""
+	if event.Event.Sender.SenderId.UserId != nil {
+		userID = *event.Event.Sender.SenderId.UserId
+	}
+	messageID := larkcore.StringValue(msg.MessageId)
+	reply := h.HandleMessage("lark", userID, text)
+	contentBytes, _ := json.Marshal(larkTextContent{Text: reply})
+	_, err := client.Im.Message.Reply(ctx, larkim.NewReplyMessageReqBuilder().
+		MessageId(messageID).
+		Body(larkim.NewReplyMessageReqBodyBuilder().
+			MsgType(larkim.MsgTypeText).
+			Content(string(contentBytes)).
+			Build()).
+		Build())
+	if err != nil {
+		logger.Warn("飞书回复失败", zap.String("message_id", messageID), zap.Error(err))
+		return
+	}
+	logger.Debug("飞书已回复", zap.String("message_id", messageID))
+}

web/static/js/info-collect.js

@@ -933,14 +933,32 @@ function exportFofaResults(format) {
         return;
     }
 
-    // csv：默认导出可见字段（更符合“列隐藏”直觉）
+    if (format === 'xlsx') {
+        // 使用 SheetJS 生成 XLSX（需在页面中引入 xlsx 库）
+        if (typeof XLSX === 'undefined') {
+            alert('未加载 XLSX 库，请刷新页面后重试');
+            return;
+        }
+        const aoa = [visibleFields].concat(p.results.map(row => {
+            const r = row && typeof row === 'object' ? row : {};
+            return visibleFields.map(f => r[f] != null ? r[f] : '');
+        }));
+        const ws = XLSX.utils.aoa_to_sheet(aoa);
+        const wb = XLSX.utils.book_new();
+        XLSX.utils.book_append_sheet(wb, ws, 'FOFA结果');
+        XLSX.writeFile(wb, `fofa_results_${ts}.xlsx`);
+        return;
+    }
+
+    // csv：默认导出可见字段，带 UTF-8 BOM 以兼容 Excel 中文
     const header = visibleFields;
     const rows = p.results.map(row => {
         const r = row && typeof row === 'object' ? row : {};
         return header.map(f => csvEscape(r[f]));
     });
     const csv = [header.map(csvEscape).join(','), ...rows.map(cols => cols.join(','))].join('\n');
-    downloadBlob(csv, `fofa_results_${ts}.csv`, 'text/csv;charset=utf-8');
+    const csvWithBom = '\uFEFF' + csv;
+    downloadBlob(csvWithBom, `fofa_results_${ts}.csv`, 'text/csv;charset=utf-8');
 }
 
 function csvEscape(value) {

web/static/js/settings.js

@@ -170,6 +170,38 @@ async function loadConfig(loadTools = true) {
                 retrievalWeightInput.value = (hybridWeight !== undefined && hybridWeight !== null) ? hybridWeight : 0.7;
             }
         }
+
+        // 填充机器人配置
+        const robots = currentConfig.robots || {};
+        const wecom = robots.wecom || {};
+        const dingtalk = robots.dingtalk || {};
+        const lark = robots.lark || {};
+        const wecomEnabled = document.getElementById('robot-wecom-enabled');
+        if (wecomEnabled) wecomEnabled.checked = wecom.enabled === true;
+        const wecomToken = document.getElementById('robot-wecom-token');
+        if (wecomToken) wecomToken.value = wecom.token || '';
+        const wecomAes = document.getElementById('robot-wecom-encoding-aes-key');
+        if (wecomAes) wecomAes.value = wecom.encoding_aes_key || '';
+        const wecomCorp = document.getElementById('robot-wecom-corp-id');
+        if (wecomCorp) wecomCorp.value = wecom.corp_id || '';
+        const wecomSecret = document.getElementById('robot-wecom-secret');
+        if (wecomSecret) wecomSecret.value = wecom.secret || '';
+        const wecomAgentId = document.getElementById('robot-wecom-agent-id');
+        if (wecomAgentId) wecomAgentId.value = wecom.agent_id || '0';
+        const dingtalkEnabled = document.getElementById('robot-dingtalk-enabled');
+        if (dingtalkEnabled) dingtalkEnabled.checked = dingtalk.enabled === true;
+        const dingtalkClientId = document.getElementById('robot-dingtalk-client-id');
+        if (dingtalkClientId) dingtalkClientId.value = dingtalk.client_id || '';
+        const dingtalkClientSecret = document.getElementById('robot-dingtalk-client-secret');
+        if (dingtalkClientSecret) dingtalkClientSecret.value = dingtalk.client_secret || '';
+        const larkEnabled = document.getElementById('robot-lark-enabled');
+        if (larkEnabled) larkEnabled.checked = lark.enabled === true;
+        const larkAppId = document.getElementById('robot-lark-app-id');
+        if (larkAppId) larkAppId.value = lark.app_id || '';
+        const larkAppSecret = document.getElementById('robot-lark-app-secret');
+        if (larkAppSecret) larkAppSecret.value = lark.app_secret || '';
+        const larkVerify = document.getElementById('robot-lark-verify-token');
+        if (larkVerify) larkVerify.value = lark.verify_token || '';
         
         // 只有在需要时才加载工具列表（MCP管理页面需要，系统设置页面不需要）
         if (loadTools) {
@@ -696,6 +728,7 @@ async function applySettings() {
             }
         };
         
+        const wecomAgentIdVal = document.getElementById('robot-wecom-agent-id')?.value.trim();
         const config = {
             openai: {
                 api_key: apiKey,
@@ -711,6 +744,27 @@ async function applySettings() {
                 max_iterations: parseInt(document.getElementById('agent-max-iterations').value) || 30
             },
             knowledge: knowledgeConfig,
+            robots: {
+                wecom: {
+                    enabled: document.getElementById('robot-wecom-enabled')?.checked === true,
+                    token: document.getElementById('robot-wecom-token')?.value.trim() || '',
+                    encoding_aes_key: document.getElementById('robot-wecom-encoding-aes-key')?.value.trim() || '',
+                    corp_id: document.getElementById('robot-wecom-corp-id')?.value.trim() || '',
+                    secret: document.getElementById('robot-wecom-secret')?.value.trim() || '',
+                    agent_id: parseInt(wecomAgentIdVal, 10) || 0
+                },
+                dingtalk: {
+                    enabled: document.getElementById('robot-dingtalk-enabled')?.checked === true,
+                    client_id: document.getElementById('robot-dingtalk-client-id')?.value.trim() || '',
+                    client_secret: document.getElementById('robot-dingtalk-client-secret')?.value.trim() || ''
+                },
+                lark: {
+                    enabled: document.getElementById('robot-lark-enabled')?.checked === true,
+                    app_id: document.getElementById('robot-lark-app-id')?.value.trim() || '',
+                    app_secret: document.getElementById('robot-lark-app-secret')?.value.trim() || '',
+                    verify_token: document.getElementById('robot-lark-verify-token')?.value.trim() || ''
+                }
+            },
             tools: []
         };
         

web/templates/index.html

@@ -803,8 +803,9 @@
                                 <div class="info-collect-results-toolbar" aria-label="结果工具条">
                                     <div class="info-collect-selected" id="fofa-selected-meta">已选择 0 条</div>
                                     <button class="btn-secondary btn-small" type="button" onclick="toggleFofaColumnsPanel()" title="显示/隐藏字段">列</button>
-                                    <button class="btn-secondary btn-small" type="button" onclick="exportFofaResults('csv')" title="导出当前结果为 CSV">导出 CSV</button>
+                                    <button class="btn-secondary btn-small" type="button" onclick="exportFofaResults('csv')" title="导出当前结果为 CSV（UTF-8，兼容中文）">导出 CSV</button>
                                     <button class="btn-secondary btn-small" type="button" onclick="exportFofaResults('json')" title="导出当前结果为 JSON">导出 JSON</button>
+                                    <button class="btn-secondary btn-small" type="button" onclick="exportFofaResults('xlsx')" title="导出当前结果为 Excel">导出 XLSX</button>
                                     <button class="btn-primary btn-small" type="button" onclick="batchScanSelectedFofaRows()" title="将所选行创建为批量任务队列">批量扫描</button>
                                 </div>
                             </div>
@@ -1061,6 +1062,9 @@
                                 <div class="settings-nav-item active" data-section="basic" onclick="switchSettingsSection('basic')">
                                     <span>基本设置</span>
                                 </div>
+                                <div class="settings-nav-item" data-section="robots" onclick="switchSettingsSection('robots')">
+                                    <span>机器人设置</span>
+                                </div>
                                 <div class="settings-nav-item" data-section="security" onclick="switchSettingsSection('security')">
                                     <span>安全设置</span>
                                 </div>
@@ -1193,6 +1197,114 @@
                                 </div>
                             </div>
 
+                            <!-- 机器人设置 -->
+                            <div id="settings-section-robots" class="settings-section-content">
+                                <div class="settings-section-header">
+                                    <h3>机器人设置</h3>
+                                    <p class="settings-description">配置企业微信、钉钉、飞书等机器人，在手机端直接与 CyberStrikeAI 对话，无需在服务器上打开网页。</p>
+                                </div>
+
+                                <!-- 企业微信 -->
+                                <div class="settings-subsection">
+                                    <h4>企业微信</h4>
+                                    <div class="settings-form">
+                                        <div class="form-group">
+                                            <label class="checkbox-label">
+                                                <input type="checkbox" id="robot-wecom-enabled" class="modern-checkbox" />
+                                                <span class="checkbox-custom"></span>
+                                                <span class="checkbox-text">启用企业微信机器人</span>
+                                            </label>
+                                        </div>
+                                        <div class="form-group">
+                                            <label for="robot-wecom-token">Token</label>
+                                            <input type="text" id="robot-wecom-token" placeholder="Token" autocomplete="off" />
+                                        </div>
+                                        <div class="form-group">
+                                            <label for="robot-wecom-encoding-aes-key">EncodingAESKey</label>
+                                            <input type="text" id="robot-wecom-encoding-aes-key" placeholder="EncodingAESKey（明文模式可留空）" autocomplete="off" />
+                                        </div>
+                                        <div class="form-group">
+                                            <label for="robot-wecom-corp-id">CorpID</label>
+                                            <input type="text" id="robot-wecom-corp-id" placeholder="企业 ID" autocomplete="off" />
+                                        </div>
+                                        <div class="form-group">
+                                            <label for="robot-wecom-secret">Secret</label>
+                                            <input type="password" id="robot-wecom-secret" placeholder="应用 Secret" autocomplete="off" />
+                                        </div>
+                                        <div class="form-group">
+                                            <label for="robot-wecom-agent-id">AgentID</label>
+                                            <input type="number" id="robot-wecom-agent-id" placeholder="应用 AgentId" />
+                                        </div>
+                                    </div>
+                                </div>
+
+                                <!-- 钉钉 -->
+                                <div class="settings-subsection">
+                                    <h4>钉钉</h4>
+                                    <div class="settings-form">
+                                        <div class="form-group">
+                                            <label class="checkbox-label">
+                                                <input type="checkbox" id="robot-dingtalk-enabled" class="modern-checkbox" />
+                                                <span class="checkbox-custom"></span>
+                                                <span class="checkbox-text">启用钉钉机器人</span>
+                                            </label>
+                                        </div>
+                                        <div class="form-group">
+                                            <label for="robot-dingtalk-client-id">Client ID (AppKey)</label>
+                                            <input type="text" id="robot-dingtalk-client-id" placeholder="钉钉应用 AppKey" autocomplete="off" />
+                                        </div>
+                                        <div class="form-group">
+                                            <label for="robot-dingtalk-client-secret">Client Secret</label>
+                                            <input type="password" id="robot-dingtalk-client-secret" placeholder="钉钉应用 Secret" autocomplete="off" />
+                                            <small class="form-hint">需开启机器人能力并配置流式接入</small>
+                                        </div>
+                                    </div>
+                                </div>
+
+                                <!-- 飞书 -->
+                                <div class="settings-subsection">
+                                    <h4>飞书 (Lark)</h4>
+                                    <div class="settings-form">
+                                        <div class="form-group">
+                                            <label class="checkbox-label">
+                                                <input type="checkbox" id="robot-lark-enabled" class="modern-checkbox" />
+                                                <span class="checkbox-custom"></span>
+                                                <span class="checkbox-text">启用飞书机器人</span>
+                                            </label>
+                                        </div>
+                                        <div class="form-group">
+                                            <label for="robot-lark-app-id">App ID</label>
+                                            <input type="text" id="robot-lark-app-id" placeholder="飞书应用 App ID" autocomplete="off" />
+                                        </div>
+                                        <div class="form-group">
+                                            <label for="robot-lark-app-secret">App Secret</label>
+                                            <input type="password" id="robot-lark-app-secret" placeholder="飞书应用 App Secret" autocomplete="off" />
+                                        </div>
+                                        <div class="form-group">
+                                            <label for="robot-lark-verify-token">Verify Token（可选）</label>
+                                            <input type="text" id="robot-lark-verify-token" placeholder="事件订阅 Verification Token" autocomplete="off" />
+                                        </div>
+                                    </div>
+                                </div>
+
+                                <div class="settings-subsection">
+                                    <h4>机器人命令说明</h4>
+                                    <p class="settings-description">在对话中可发送以下命令：</p>
+                                    <ul style="color: var(--text-muted); font-size: 13px; line-height: 1.8; margin: 8px 0 0 16px;">
+                                        <li><strong>帮助</strong> — 显示命令帮助</li>
+                                        <li><strong>列表</strong> 或 <strong>对话列表</strong> — 列出所有对话标题与 ID</li>
+                                        <li><strong>切换 &lt;对话ID&gt;</strong> 或 <strong>继续 &lt;对话ID&gt;</strong> — 指定对话 ID 继续对话</li>
+                                        <li><strong>新对话</strong> — 开启新对话</li>
+                                        <li><strong>清空</strong> — 清空当前对话上下文（不删除历史）</li>
+                                        <li><strong>当前</strong> — 显示当前对话 ID 与标题</li>
+                                    </ul>
+                                </div>
+
+                                <div class="settings-actions">
+                                    <button class="btn-primary" onclick="applySettings()">应用配置</button>
+                                </div>
+                            </div>
+
                             <!-- 安全设置 -->
                             <div id="settings-section-security" class="settings-section-content">
                                 <div class="settings-section-header">
@@ -1472,6 +1584,8 @@
     <script src="https://cdn.jsdelivr.net/npm/cytoscape@3.27.0/dist/cytoscape.min.js"></script>
     <!-- ELK.js for high-quality DAG layout (reduces edge crossings) -->
     <script src="https://cdn.jsdelivr.net/npm/elkjs@0.9.2/lib/elk.bundled.js"></script>
+    <!-- SheetJS for XLSX export (info-collect) -->
+    <script src="https://cdn.jsdelivr.net/npm/xlsx@0.18.5/dist/xlsx.full.min.js"></script>
     <script>
         // 确保ELK对象全局可用
         if (typeof ELK === 'undefined' && typeof elk !== 'undefined') {