Skip to main content
The access goal for Xpert Tag is to make the group the safety boundary for shared work. What a digital expert can access in a group should be configured by administrators, rather than varying with the individual who asked.

Current Access Foundation

CapabilityStatusNotes
IM integration credentialsAvailable foundationLark, DingTalk, and WeCom credentials are stored and used through system integrations.
Trigger bindingAvailable foundationTriggers bind an IM integration to a target digital expert.
Digital expert runtime identityAvailable foundationDigital experts execute through existing platform runtime and workflow permissions.
Toolset authorizationAvailable foundationToolsets, knowledge bases, and business plugins use current Xpert access models.
Webhook authenticationAvailable foundationPlugins protect inbound routes with guards, signatures, tokens, or encrypted callbacks.
Group-level Access BundlePlannedThere is no cross-IM group capability package model yet.
Unified Tag auditPlannedThere is no single Tag-session-centered audit page yet.
Credential ProxyPlannedThere is no unified credential proxy with default-deny egress yet.

Group-Level Access Bundle

Access Bundle is the most important future governance object for Xpert Tag. It should package reusable capabilities and bind them to an organization, IM workspace, group, or channel.
ConfigurationExampleStatus
Knowledge scopeCompany policies, project materials, product docs.Planned
Toolsets and pluginsTicketing, CRM, BI, code platform, approval, documents.Planned
Business credentialsService-account API keys, OAuth clients, read-only database accounts.Planned
Allowed domainsAPI hosts, document hosts, code platform hosts.Planned
Default instructionsOutput format, risk notes, citation requirements, forbidden content.Planned
Write policyRead-only, confirmation required, approval required, or auto-write allowed.Planned
Model policyDefault model, allowed model switching, cost limits.Planned
Budget and usageGroup budget, daily limits, anomaly alerts.Planned
Recommended bundle patterns:
  • project-readonly: project knowledge, read-only docs, read-only tickets.
  • support-triage: support knowledge, ticket creation, customer-state lookup.
  • bi-readonly: semantic metrics and read-only data queries.
  • code-review: repository read, PR comments, CI state read.
  • code-write: repository write and PR creation, approval required by default.

Service Account Principle

The target Xpert Tag identity model is: shared group work uses administrator-configured service accounts or platform technical users by default, not the requester’s personal credentials.
ScenarioRecommended identityStatus
IM send/receiveIM bot application identity.Available foundation
Digital expert background executionThe platform runtime identity for the target expert.Available foundation
Business-system read/writeDedicated service account or governed API credential.Partially available
Personal private tasksUser personal connections and permissions.Planned
Service accounts provide:
  • Consistent group capabilities regardless of who asked.
  • Clear external audit logs showing what the Xpert Tag service account did.
  • Central revocation, rotation, and scope reduction without affecting personal accounts.
  • Central confirmation, approval, and risk limits for write operations.

Credentials And Network Egress

Today, plugins and tools use credentials through existing Xpert integration and tool mechanisms. Xpert Tag should add a unified Credential Proxy.
CapabilityGoalStatus
Write-only credentialsDo not show saved secret values again.Partially available
Boundary credential injectionInject credentials only at a controlled runtime boundary.Planned
Default-deny network egressBlock hosts not allowed by bundle or environment.Planned
Host/path/method controlsRestrict exact APIs the agent can reach.Planned
Credentialless allowlistAllow public hosts without injecting credentials.Planned
Internal and metadata protectionBlock private networks, metadata services, and sensitive addresses.Planned

Audit Requirements

Unified Tag audit is Planned. The target audit record should include at least:
  • Source platform, group, DM, thread, and message ID.
  • Triggering user, visible member scope, and digital expert.
  • Effective Access Bundle, model, knowledge bases, tools, and skills.
  • Input summary, attachment summary, and context sources.
  • Tool name, parameter summary, result summary, and errors.
  • Write confirmation, approval status, and external record IDs.
  • Output summary, artifact links, and final status.
  • Token usage, cost, duration, and retry records.

Risk Controls

Xpert Tag should include these built-in controls:
RiskControlStatus
Group members overreach into business systemsGroup-level Access Bundle and least-privilege service accounts.Planned
Sensitive output posted to a large groupSensitive filters, pre-send checks, group-level forbidden content.Partially available
Accidental write operationsConfirmation, approval workflow, read-only defaults, rollback logs.Partially available
Long task runs awayCancel button, budget limits, timeout, retry limits.Partially available
Plugin credential leakWrite-only credentials, proxy injection, redacted logs.Partially available
Audit gapsUnified Tag session audit.Planned
Before full Xpert Tag productization, pilot with conservative defaults:
  • Group chats respond only to explicit bot mentions by default.
  • Group history reading is off by default and enabled explicitly per group.
  • Write operations require human confirmation by default.
  • High-risk tools start read-only.
  • New bundles are first attached to private pilot groups.
  • WeCom should degrade according to platform capability instead of promising full parity with other platforms.