Update config.yaml

config.yaml

@@ -10,7 +10,7 @@
 # ============================================
 
 # 前端显示的版本号（可选，不填则显示默认版本）
-version: "v1.6.2"
+version: "v1.6.3"
 # 服务器配置
 server:
   host: 0.0.0.0 # 监听地址，0.0.0.0 表示监听所有网络接口

internal/app/app.go

@@ -599,12 +599,12 @@ func (a *App) startRobotConnections() {
 	if cfg.Robots.Lark.Enabled && cfg.Robots.Lark.AppID != "" && cfg.Robots.Lark.AppSecret != "" {
 		ctx, cancel := context.WithCancel(context.Background())
 		a.larkCancel = cancel
-		go robot.StartLark(ctx, cfg.Robots.Lark, a.robotHandler, a.logger.Logger)
+		go robot.StartLark(ctx, cfg.Robots, a.robotHandler, a.logger.Logger)
 	}
 	if cfg.Robots.Dingtalk.Enabled && cfg.Robots.Dingtalk.ClientID != "" && cfg.Robots.Dingtalk.ClientSecret != "" {
 		ctx, cancel := context.WithCancel(context.Background())
 		a.dingCancel = cancel
-		go robot.StartDing(ctx, cfg.Robots.Dingtalk, a.robotHandler, a.logger.Logger)
+		go robot.StartDing(ctx, cfg.Robots, a.robotHandler, a.logger.Logger)
 	}
 }
 

internal/attackchain/builder.go

@@ -811,8 +811,8 @@ func (b *Builder) callAIForChainGeneration(ctx context.Context, prompt string) (
 				"content": prompt,
 			},
 		},
-		"temperature": 0.3,
-		"max_tokens":  8000,
+		"temperature":           0.3,
+		"max_completion_tokens": 80000,
 	}
 
 	var apiResponse struct {

internal/config/config.go

@@ -275,11 +275,25 @@ type MultiAgentAPIUpdate struct {
 
 // RobotsConfig 机器人配置（企业微信、钉钉、飞书等）
 type RobotsConfig struct {
+	Session  RobotSessionConfig  `yaml:"session,omitempty" json:"session,omitempty"`   // 机器人会话隔离策略
 	Wecom    RobotWecomConfig    `yaml:"wecom,omitempty" json:"wecom,omitempty"`       // 企业微信
 	Dingtalk RobotDingtalkConfig `yaml:"dingtalk,omitempty" json:"dingtalk,omitempty"` // 钉钉
 	Lark     RobotLarkConfig     `yaml:"lark,omitempty" json:"lark,omitempty"`         // 飞书
 }
 
+// RobotSessionConfig 机器人会话隔离策略
+type RobotSessionConfig struct {
+	StrictUserIdentity *bool `yaml:"strict_user_identity,omitempty" json:"strict_user_identity,omitempty"` // true 时只允许真实用户标识，不允许会话/群 ID 兜底
+}
+
+// StrictUserIdentityEnabled 返回是否启用严格用户身份模式；未配置时默认 true。
+func (c RobotSessionConfig) StrictUserIdentityEnabled() bool {
+	if c.StrictUserIdentity == nil {
+		return true
+	}
+	return *c.StrictUserIdentity
+}
+
 // RobotWecomConfig 企业微信机器人配置
 type RobotWecomConfig struct {
 	Enabled        bool   `yaml:"enabled" json:"enabled"`
@@ -292,17 +306,19 @@ type RobotWecomConfig struct {
 
 // RobotDingtalkConfig 钉钉机器人配置
 type RobotDingtalkConfig struct {
-	Enabled      bool   `yaml:"enabled" json:"enabled"`
-	ClientID     string `yaml:"client_id" json:"client_id"`         // 应用 Key (AppKey)
-	ClientSecret string `yaml:"client_secret" json:"client_secret"` // 应用 Secret
+	Enabled                    bool   `yaml:"enabled" json:"enabled"`
+	ClientID                   string `yaml:"client_id" json:"client_id"`                                       // 应用 Key (AppKey)
+	ClientSecret               string `yaml:"client_secret" json:"client_secret"`                               // 应用 Secret
+	AllowConversationIDFallback bool   `yaml:"allow_conversation_id_fallback" json:"allow_conversation_id_fallback"` // sender_id 缺失时是否允许回退到会话 ID
 }
 
 // RobotLarkConfig 飞书机器人配置
 type RobotLarkConfig struct {
-	Enabled     bool   `yaml:"enabled" json:"enabled"`
-	AppID       string `yaml:"app_id" json:"app_id"`             // 应用 App ID
-	AppSecret   string `yaml:"app_secret" json:"app_secret"`     // 应用 App Secret
-	VerifyToken string `yaml:"verify_token" json:"verify_token"` // 事件订阅 Verification Token（可选）
+	Enabled                 bool   `yaml:"enabled" json:"enabled"`
+	AppID                   string `yaml:"app_id" json:"app_id"`                                 // 应用 App ID
+	AppSecret               string `yaml:"app_secret" json:"app_secret"`                         // 应用 App Secret
+	VerifyToken             string `yaml:"verify_token" json:"verify_token"`                     // 事件订阅 Verification Token（可选）
+	AllowChatIDFallback     bool   `yaml:"allow_chat_id_fallback" json:"allow_chat_id_fallback"` // 用户 ID 缺失时是否允许回退到 chat_id
 }
 
 type ServerConfig struct {
@@ -465,7 +481,6 @@ func Load(path string) (*Config, error) {
 	if cfg.Auth.SessionDurationHours <= 0 {
 		cfg.Auth.SessionDurationHours = 12
 	}
-
 	if strings.TrimSpace(cfg.Auth.Password) == "" {
 		password, err := generateStrongPassword(24)
 		if err != nil {
@@ -934,6 +949,7 @@ func LoadRoleFromFile(path string) (*RoleConfig, error) {
 }
 
 func Default() *Config {
+	strictRobotIdentity := true
 	return &Config{
 		Server: ServerConfig{
 			Host: "0.0.0.0",
@@ -968,6 +984,11 @@ func Default() *Config {
 		Auth: AuthConfig{
 			SessionDurationHours: 12,
 		},
+		Robots: RobotsConfig{
+			Session: RobotSessionConfig{
+				StrictUserIdentity: &strictRobotIdentity,
+			},
+		},
 		Knowledge: KnowledgeConfig{
 			Enabled:  true,
 			BasePath: "knowledge_base",

internal/database/database.go

@@ -203,6 +203,16 @@ func (db *DB) initTables() error {
 		UNIQUE(conversation_id, group_id)
 	);`
 
+	// 机器人会话绑定表（用于跨重启保持「平台+租户+用户」到 conversation 的映射）
+	createRobotUserSessionsTable := `
+	CREATE TABLE IF NOT EXISTS robot_user_sessions (
+		session_key TEXT PRIMARY KEY,
+		conversation_id TEXT NOT NULL,
+		role_name TEXT NOT NULL DEFAULT '默认',
+		updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+		FOREIGN KEY (conversation_id) REFERENCES conversations(id) ON DELETE CASCADE
+	);`
+
 	// 创建漏洞表
 	createVulnerabilitiesTable := `
 	CREATE TABLE IF NOT EXISTS vulnerabilities (
@@ -409,6 +419,7 @@ func (db *DB) initTables() error {
 	CREATE INDEX IF NOT EXISTS idx_knowledge_retrieval_logs_created_at ON knowledge_retrieval_logs(created_at);
 	CREATE INDEX IF NOT EXISTS idx_conversation_group_mappings_conversation ON conversation_group_mappings(conversation_id);
 	CREATE INDEX IF NOT EXISTS idx_conversation_group_mappings_group ON conversation_group_mappings(group_id);
+	CREATE INDEX IF NOT EXISTS idx_robot_user_sessions_updated_at ON robot_user_sessions(updated_at);
 	CREATE INDEX IF NOT EXISTS idx_conversations_pinned ON conversations(pinned);
 	CREATE INDEX IF NOT EXISTS idx_vulnerabilities_conversation_id ON vulnerabilities(conversation_id);
 	CREATE INDEX IF NOT EXISTS idx_vulnerabilities_conversation_tag ON vulnerabilities(conversation_tag);
@@ -479,6 +490,9 @@ func (db *DB) initTables() error {
 	if _, err := db.Exec(createConversationGroupMappingsTable); err != nil {
 		return fmt.Errorf("创建conversation_group_mappings表失败: %w", err)
 	}
+	if _, err := db.Exec(createRobotUserSessionsTable); err != nil {
+		return fmt.Errorf("创建robot_user_sessions表失败: %w", err)
+	}
 
 	if _, err := db.Exec(createVulnerabilitiesTable); err != nil {
 		return fmt.Errorf("创建vulnerabilities表失败: %w", err)

internal/database/robot_session.go

@@ -0,0 +1,84 @@
+package database
+
+import (
+	"database/sql"
+	"fmt"
+	"strings"
+	"time"
+)
+
+// RobotSessionBinding 机器人会话绑定信息。
+type RobotSessionBinding struct {
+	SessionKey     string
+	ConversationID string
+	RoleName       string
+	UpdatedAt      time.Time
+}
+
+// GetRobotSessionBinding 按 session_key 获取机器人会话绑定。
+func (db *DB) GetRobotSessionBinding(sessionKey string) (*RobotSessionBinding, error) {
+	sessionKey = strings.TrimSpace(sessionKey)
+	if sessionKey == "" {
+		return nil, nil
+	}
+	var b RobotSessionBinding
+	var updatedAt string
+	err := db.QueryRow(
+		"SELECT session_key, conversation_id, role_name, updated_at FROM robot_user_sessions WHERE session_key = ?",
+		sessionKey,
+	).Scan(&b.SessionKey, &b.ConversationID, &b.RoleName, &updatedAt)
+	if err != nil {
+		if err == sql.ErrNoRows {
+			return nil, nil
+		}
+		return nil, fmt.Errorf("查询机器人会话绑定失败: %w", err)
+	}
+	if t, e := time.Parse("2006-01-02 15:04:05.999999999-07:00", updatedAt); e == nil {
+		b.UpdatedAt = t
+	} else if t, e := time.Parse("2006-01-02 15:04:05", updatedAt); e == nil {
+		b.UpdatedAt = t
+	} else {
+		b.UpdatedAt, _ = time.Parse(time.RFC3339, updatedAt)
+	}
+	if strings.TrimSpace(b.RoleName) == "" {
+		b.RoleName = "默认"
+	}
+	return &b, nil
+}
+
+// UpsertRobotSessionBinding 写入或更新机器人会话绑定（包含角色）。
+func (db *DB) UpsertRobotSessionBinding(sessionKey, conversationID, roleName string) error {
+	sessionKey = strings.TrimSpace(sessionKey)
+	conversationID = strings.TrimSpace(conversationID)
+	roleName = strings.TrimSpace(roleName)
+	if sessionKey == "" || conversationID == "" {
+		return nil
+	}
+	if roleName == "" {
+		roleName = "默认"
+	}
+	_, err := db.Exec(`
+		INSERT INTO robot_user_sessions (session_key, conversation_id, role_name, updated_at)
+		VALUES (?, ?, ?, ?)
+		ON CONFLICT(session_key) DO UPDATE SET
+			conversation_id = excluded.conversation_id,
+			role_name = excluded.role_name,
+			updated_at = excluded.updated_at
+	`, sessionKey, conversationID, roleName, time.Now())
+	if err != nil {
+		return fmt.Errorf("写入机器人会话绑定失败: %w", err)
+	}
+	return nil
+}
+
+// DeleteRobotSessionBinding 删除机器人会话绑定。
+func (db *DB) DeleteRobotSessionBinding(sessionKey string) error {
+	sessionKey = strings.TrimSpace(sessionKey)
+	if sessionKey == "" {
+		return nil
+	}
+	if _, err := db.Exec("DELETE FROM robot_user_sessions WHERE session_key = ?", sessionKey); err != nil {
+		return fmt.Errorf("删除机器人会话绑定失败: %w", err)
+	}
+	return nil
+}

internal/handler/config.go

@@ -886,7 +886,7 @@ func (h *ConfigHandler) TestOpenAI(c *gin.Context) {
 		"messages": []map[string]string{
 			{"role": "user", "content": "Hi"},
 		},
-		"max_tokens": 5,
+		"max_completion_tokens": 5,
 	}
 
 	// 使用内部 openai Client 进行测试，若 provider 为 claude 会自动走桥接层

internal/handler/fofa.go

@@ -268,8 +268,8 @@ func (h *FofaHandler) ParseNaturalLanguage(c *gin.Context) {
 			{"role": "system", "content": systemPrompt},
 			{"role": "user", "content": userPrompt},
 		},
-		"temperature": 0.1,
-		"max_tokens":  1200,
+		"temperature":           0.1,
+		"max_completion_tokens": 12000,
 	}
 
 	// OpenAI 返回结构：只需要 choices[0].message.content

internal/handler/robot.go

@@ -75,14 +75,58 @@ func (h *RobotHandler) sessionKey(platform, userID string) string {
 	return platform + "_" + userID
 }
 
+func (h *RobotHandler) loadSessionBinding(sk string) (convID, role string) {
+	if h.db == nil || strings.TrimSpace(sk) == "" {
+		return "", ""
+	}
+	binding, err := h.db.GetRobotSessionBinding(sk)
+	if err != nil {
+		h.logger.Warn("读取机器人会话绑定失败", zap.String("session_key", sk), zap.Error(err))
+		return "", ""
+	}
+	if binding == nil {
+		return "", ""
+	}
+	return binding.ConversationID, binding.RoleName
+}
+
+func (h *RobotHandler) persistSessionBinding(sk, convID, role string) {
+	if h.db == nil || strings.TrimSpace(sk) == "" || strings.TrimSpace(convID) == "" {
+		return
+	}
+	if err := h.db.UpsertRobotSessionBinding(sk, convID, role); err != nil {
+		h.logger.Warn("写入机器人会话绑定失败", zap.String("session_key", sk), zap.Error(err))
+	}
+}
+
+func (h *RobotHandler) deleteSessionBinding(sk string) {
+	if h.db == nil || strings.TrimSpace(sk) == "" {
+		return
+	}
+	if err := h.db.DeleteRobotSessionBinding(sk); err != nil {
+		h.logger.Warn("删除机器人会话绑定失败", zap.String("session_key", sk), zap.Error(err))
+	}
+}
+
 // getOrCreateConversation 获取或创建当前会话，title 用于新对话的标题（取用户首条消息前50字）
 func (h *RobotHandler) getOrCreateConversation(platform, userID, title string) (convID string, isNew bool) {
+	sk := h.sessionKey(platform, userID)
 	h.mu.RLock()
-	convID = h.sessions[h.sessionKey(platform, userID)]
+	convID = h.sessions[sk]
 	h.mu.RUnlock()
 	if convID != "" {
 		return convID, false
 	}
+	if persistedConvID, persistedRole := h.loadSessionBinding(sk); strings.TrimSpace(persistedConvID) != "" {
+		// 会话绑定持久化：服务重启后也可恢复当前对话和角色。
+		h.mu.Lock()
+		h.sessions[sk] = persistedConvID
+		if strings.TrimSpace(persistedRole) != "" {
+			h.sessionRoles[sk] = persistedRole
+		}
+		h.mu.Unlock()
+		return persistedConvID, false
+	}
 	t := strings.TrimSpace(title)
 	if t == "" {
 		t = "新对话 " + time.Now().Format("01-02 15:04")
@@ -96,34 +140,49 @@ func (h *RobotHandler) getOrCreateConversation(platform, userID, title string) (
 	}
 	convID = conv.ID
 	h.mu.Lock()
-	h.sessions[h.sessionKey(platform, userID)] = convID
+	role := h.sessionRoles[sk]
+	h.sessions[sk] = convID
 	h.mu.Unlock()
+	h.persistSessionBinding(sk, convID, role)
 	return convID, true
 }
 
 // setConversation 切换当前会话
 func (h *RobotHandler) setConversation(platform, userID, convID string) {
+	sk := h.sessionKey(platform, userID)
 	h.mu.Lock()
-	h.sessions[h.sessionKey(platform, userID)] = convID
+	role := h.sessionRoles[sk]
+	h.sessions[sk] = convID
 	h.mu.Unlock()
+	h.persistSessionBinding(sk, convID, role)
 }
 
 // getRole 获取当前用户使用的角色，未设置时返回"默认"
 func (h *RobotHandler) getRole(platform, userID string) string {
+	sk := h.sessionKey(platform, userID)
 	h.mu.RLock()
-	role := h.sessionRoles[h.sessionKey(platform, userID)]
+	role := h.sessionRoles[sk]
 	h.mu.RUnlock()
-	if role == "" {
-		return "默认"
+	if strings.TrimSpace(role) != "" {
+		return role
 	}
-	return role
+	if _, persistedRole := h.loadSessionBinding(sk); strings.TrimSpace(persistedRole) != "" {
+		h.mu.Lock()
+		h.sessionRoles[sk] = persistedRole
+		h.mu.Unlock()
+		return persistedRole
+	}
+	return "默认"
 }
 
 // setRole 设置当前用户使用的角色
 func (h *RobotHandler) setRole(platform, userID, roleName string) {
+	sk := h.sessionKey(platform, userID)
 	h.mu.Lock()
-	h.sessionRoles[h.sessionKey(platform, userID)] = roleName
+	h.sessionRoles[sk] = roleName
+	convID := h.sessions[sk]
 	h.mu.Unlock()
+	h.persistSessionBinding(sk, convID, roleName)
 }
 
 // clearConversation 清空当前会话（切换到新对话）
@@ -140,7 +199,16 @@ func (h *RobotHandler) clearConversation(platform, userID string) (newConvID str
 
 // HandleMessage 处理用户输入，返回回复文本（供各平台 webhook 调用）
 func (h *RobotHandler) HandleMessage(platform, userID, text string) (reply string) {
+	platform = strings.TrimSpace(platform)
+	userID = strings.TrimSpace(userID)
 	text = strings.TrimSpace(text)
+	if platform == "" {
+		platform = "unknown"
+	}
+	if userID == "" {
+		h.logger.Warn("机器人消息缺少用户标识，已拒绝处理", zap.String("platform", platform))
+		return "无法识别发送者身份，请检查机器人事件订阅权限（需返回可用的用户 ID）。"
+	}
 	if text == "" {
 		return "请输入内容或发送「帮助」/ help 查看命令。"
 	}
@@ -345,7 +413,9 @@ func (h *RobotHandler) cmdDelete(platform, userID, convID string) string {
 		// 删除当前对话时，先清空会话绑定
 		h.mu.Lock()
 		delete(h.sessions, sk)
+		delete(h.sessionRoles, sk)
 		h.mu.Unlock()
+		h.deleteSessionBinding(sk)
 	}
 	if err := h.db.DeleteConversation(convID); err != nil {
 		return "删除失败: " + err.Error()
@@ -647,8 +717,25 @@ func (h *RobotHandler) HandleWecomPOST(c *gin.Context) {
 		h.logger.Debug("企业微信内层 XML 解析成功", zap.String("FromUserName", body.FromUserName), zap.String("Content", body.Content))
 	}
 
-	userID := body.FromUserName
+	tenantKey := strings.TrimSpace(enterpriseID)
+	if tenantKey == "" {
+		tenantKey = strings.TrimSpace(h.config.Robots.Wecom.CorpID)
+	}
+	if tenantKey == "" {
+		tenantKey = "default"
+	}
+	rawUserID := strings.TrimSpace(body.FromUserName)
+	replyUserID := rawUserID
+	userID := ""
+	if rawUserID != "" {
+		userID = "t:" + tenantKey + "|u:" + rawUserID
+	}
 	text := strings.TrimSpace(body.Content)
+	if userID == "" {
+		h.logger.Warn("企业微信消息缺少可用用户标识，已忽略")
+		c.String(http.StatusOK, "success")
+		return
+	}
 
 	// 限制回复内容长度（企业微信限制 2048 字节）
 	maxReplyLen := 2000
@@ -661,14 +748,14 @@ func (h *RobotHandler) HandleWecomPOST(c *gin.Context) {
 
 	if body.MsgType != "text" {
 		h.logger.Debug("企业微信收到非文本消息", zap.String("MsgType", body.MsgType))
-		h.sendWecomReply(c, userID, enterpriseID, limitReply("暂仅支持文本消息，请发送文字。"), timestamp, nonce)
+		h.sendWecomReply(c, replyUserID, enterpriseID, limitReply("暂仅支持文本消息，请发送文字。"), timestamp, nonce)
 		return
 	}
 
 	// 文本消息：先判断是否为内置命令（如 帮助/列表/新对话 等），这类命令处理很快，可以直接走被动回复，避免依赖主动发送 API。
 	if cmdReply, ok := h.handleRobotCommand("wecom", userID, text); ok {
 		h.logger.Debug("企业微信收到命令消息，走被动回复", zap.String("userID", userID), zap.String("text", text))
-		h.sendWecomReply(c, userID, enterpriseID, limitReply(cmdReply), timestamp, nonce)
+		h.sendWecomReply(c, replyUserID, enterpriseID, limitReply(cmdReply), timestamp, nonce)
 		return
 	}
 
@@ -684,7 +771,7 @@ func (h *RobotHandler) HandleWecomPOST(c *gin.Context) {
 		reply = limitReply(reply)
 		h.logger.Debug("企业微信消息处理完成", zap.String("userID", userID), zap.String("reply", reply))
 		// 调用企业微信 API 主动发送消息
-		h.sendWecomMessageViaAPI(userID, enterpriseID, reply)
+		h.sendWecomMessageViaAPI(rawUserID, enterpriseID, reply)
 	}()
 }
 

internal/robot/ding.go

@@ -23,22 +23,23 @@ const (
 
 // StartDing 启动钉钉 Stream 长连接（无需公网），收到消息后调用 handler 并通过 SessionWebhook 回复。
 // 断线（如笔记本睡眠、网络中断）后会自动重连；ctx 被取消时退出，便于配置变更时重启。
-func StartDing(ctx context.Context, cfg config.RobotDingtalkConfig, h MessageHandler, logger *zap.Logger) {
+func StartDing(ctx context.Context, robotsCfg config.RobotsConfig, h MessageHandler, logger *zap.Logger) {
+	cfg := robotsCfg.Dingtalk
 	if !cfg.Enabled || cfg.ClientID == "" || cfg.ClientSecret == "" {
 		return
 	}
-	go runDingLoop(ctx, cfg, h, logger)
+	go runDingLoop(ctx, cfg, robotsCfg.Session.StrictUserIdentityEnabled(), h, logger)
 }
 
 // runDingLoop 循环维持钉钉长连接：断开且 ctx 未取消时按退避间隔重连。
-func runDingLoop(ctx context.Context, cfg config.RobotDingtalkConfig, h MessageHandler, logger *zap.Logger) {
+func runDingLoop(ctx context.Context, cfg config.RobotDingtalkConfig, strictUserIdentity bool, h MessageHandler, logger *zap.Logger) {
 	backoff := dingReconnectInitial
 	for {
 		streamClient := client.NewStreamClient(
 			client.WithAppCredential(client.NewAppCredentialConfig(cfg.ClientID, cfg.ClientSecret)),
 			client.WithSubscription(dingutils.SubscriptionTypeKCallback, "/v1.0/im/bot/messages/get",
 				chatbot.NewDefaultChatBotFrameHandler(func(ctx context.Context, msg *chatbot.BotCallbackDataModel) ([]byte, error) {
-					go handleDingMessage(ctx, msg, h, logger)
+					go handleDingMessage(ctx, msg, cfg, strictUserIdentity, h, logger)
 					return nil, nil
 				}).OnEventReceived),
 		)
@@ -66,7 +67,7 @@ func runDingLoop(ctx context.Context, cfg config.RobotDingtalkConfig, h MessageH
 	}
 }
 
-func handleDingMessage(ctx context.Context, msg *chatbot.BotCallbackDataModel, h MessageHandler, logger *zap.Logger) {
+func handleDingMessage(ctx context.Context, msg *chatbot.BotCallbackDataModel, cfg config.RobotDingtalkConfig, strictUserIdentity bool, h MessageHandler, logger *zap.Logger) {
 	if msg == nil || msg.SessionWebhook == "" {
 		return
 	}
@@ -93,9 +94,22 @@ func handleDingMessage(ctx context.Context, msg *chatbot.BotCallbackDataModel, h
 		return
 	}
 	logger.Info("钉钉收到消息", zap.String("sender", msg.SenderId), zap.String("content", content))
-	userID := msg.SenderId
+	tenantKey := strings.TrimSpace(cfg.ClientID)
+	if tenantKey == "" {
+		tenantKey = "default"
+	}
+	userID := strings.TrimSpace(msg.SenderId)
+	if userID != "" {
+		userID = "t:" + tenantKey + "|u:" + userID
+	} else if cfg.AllowConversationIDFallback && !strictUserIdentity {
+		conversationID := strings.TrimSpace(msg.ConversationId)
+		if conversationID != "" {
+			userID = "t:" + tenantKey + "|c:" + conversationID
+		}
+	}
 	if userID == "" {
-		userID = msg.ConversationId
+		logger.Warn("钉钉消息缺少可用用户标识，已忽略")
+		return
 	}
 	reply := h.HandleMessage("dingtalk", userID, content)
 	// 使用 markdown 类型以便正确展示标题、列表、代码块等格式

internal/robot/lark.go

@@ -27,20 +27,21 @@ type larkTextContent struct {
 
 // StartLark 启动飞书长连接（无需公网），收到消息后调用 handler 并回复。
 // 断线（如笔记本睡眠、网络中断）后会自动重连；ctx 被取消时退出，便于配置变更时重启。
-func StartLark(ctx context.Context, cfg config.RobotLarkConfig, h MessageHandler, logger *zap.Logger) {
+func StartLark(ctx context.Context, robotsCfg config.RobotsConfig, h MessageHandler, logger *zap.Logger) {
+	cfg := robotsCfg.Lark
 	if !cfg.Enabled || cfg.AppID == "" || cfg.AppSecret == "" {
 		return
 	}
-	go runLarkLoop(ctx, cfg, h, logger)
+	go runLarkLoop(ctx, cfg, robotsCfg.Session.StrictUserIdentityEnabled(), h, logger)
 }
 
 // runLarkLoop 循环维持飞书长连接：断开且 ctx 未取消时按退避间隔重连。
-func runLarkLoop(ctx context.Context, cfg config.RobotLarkConfig, h MessageHandler, logger *zap.Logger) {
+func runLarkLoop(ctx context.Context, cfg config.RobotLarkConfig, strictUserIdentity bool, h MessageHandler, logger *zap.Logger) {
 	backoff := larkReconnectInitial
 	for {
 		larkClient := lark.NewClient(cfg.AppID, cfg.AppSecret)
 		eventHandler := dispatcher.NewEventDispatcher("", "").OnP2MessageReceiveV1(func(ctx context.Context, event *larkim.P2MessageReceiveV1) error {
-			go handleLarkMessage(ctx, event, h, larkClient, logger)
+			go handleLarkMessage(ctx, event, cfg, strictUserIdentity, h, larkClient, logger)
 			return nil
 		})
 		wsClient := larkws.NewClient(cfg.AppID, cfg.AppSecret,
@@ -70,7 +71,7 @@ func runLarkLoop(ctx context.Context, cfg config.RobotLarkConfig, h MessageHandl
 	}
 }
 
-func handleLarkMessage(ctx context.Context, event *larkim.P2MessageReceiveV1, h MessageHandler, client *lark.Client, logger *zap.Logger) {
+func handleLarkMessage(ctx context.Context, event *larkim.P2MessageReceiveV1, cfg config.RobotLarkConfig, strictUserIdentity bool, h MessageHandler, client *lark.Client, logger *zap.Logger) {
 	if event == nil || event.Event == nil || event.Event.Message == nil || event.Event.Sender == nil || event.Event.Sender.SenderId == nil {
 		return
 	}
@@ -89,9 +90,10 @@ func handleLarkMessage(ctx context.Context, event *larkim.P2MessageReceiveV1, h
 	if text == "" {
 		return
 	}
-	userID := ""
-	if event.Event.Sender.SenderId.UserId != nil {
-		userID = *event.Event.Sender.SenderId.UserId
+	userID := resolveLarkUserID(event, cfg.AllowChatIDFallback && !strictUserIdentity)
+	if userID == "" {
+		logger.Warn("飞书消息缺少可用用户标识，已忽略")
+		return
 	}
 	messageID := larkcore.StringValue(msg.MessageId)
 	reply := h.HandleMessage("lark", userID, text)
@@ -109,3 +111,31 @@ func handleLarkMessage(ctx context.Context, event *larkim.P2MessageReceiveV1, h
 	}
 	logger.Debug("飞书已回复", zap.String("message_id", messageID))
 }
+
+// resolveLarkUserID 提取飞书会话隔离键：
+// tenant_key + 稳定用户标识（user_id/open_id/union_id）；按配置可选 chat_id 兜底。
+func resolveLarkUserID(event *larkim.P2MessageReceiveV1, allowChatIDFallback bool) string {
+	if event == nil || event.Event == nil || event.Event.Sender == nil || event.Event.Sender.SenderId == nil {
+		return ""
+	}
+	tenantKey := strings.TrimSpace(larkcore.StringValue(event.Event.Sender.TenantKey))
+	if tenantKey == "" {
+		tenantKey = "default"
+	}
+	prefix := "t:" + tenantKey + "|"
+	if id := strings.TrimSpace(larkcore.StringValue(event.Event.Sender.SenderId.UserId)); id != "" {
+		return prefix + "u:" + id
+	}
+	if id := strings.TrimSpace(larkcore.StringValue(event.Event.Sender.SenderId.OpenId)); id != "" {
+		return prefix + "o:" + id
+	}
+	if id := strings.TrimSpace(larkcore.StringValue(event.Event.Sender.SenderId.UnionId)); id != "" {
+		return prefix + "n:" + id
+	}
+	if allowChatIDFallback && event.Event.Message != nil {
+		if id := strings.TrimSpace(larkcore.StringValue(event.Event.Message.ChatId)); id != "" {
+			return prefix + "c:" + id
+		}
+	}
+	return ""
+}