Codumentor logo Codumentor

Plugins in Production

Most of what a real Codumentor deployment does — workspace isolation, web search, the Office editors, scheduled goals, external coding agents, per-user secrets — comes from plugins. A production config typically enables a dozen or more.

This page is the operator's view: which plugins need something installed on the host or configured outside codumentor.yaml, and how to provide it. It is not the full catalog.

Enabling a plugin is always the same: add a {module, class, args} entry to the plugins: list. The work below is the extra setup some plugins need to actually function.

Prerequisites at a glance

Plugin(s)What the admin must provideHow
workspace_isolation, branch_switching, scm_push, external_agent (sandbox tier ≥ 1), isolated subagentsLinux + bubblewrap with overlay support + overlayfs + (Ubuntu 24.04+) an AppArmor profileWorkspace isolation prerequisites below
mermaid_render, webretrieve (JS rendering)Playwright + a Chromium browser binarypip install playwright && playwright install chromium
ripgrepThe rg binary on PATHapt install ripgrep (or your distro's package)
svnA Subversion clientapt install subversion
databaseDB access. Native pure-Python drivers ship bundled (pg8000, PyMySQL, oracledb, python-tds). Only mode: cli (or mode: auto with no driver) needs an external clientpsql / mysql / go-sqlcmd per engine
read_aloud (and Telegram voice)An OpenAI-compatible STT/TTS endpoint + API key via the top-level speech: blockSpeech (read-aloud / voice) below
websearchA search-provider API key (Tavily, Brave, Serper, Google CSE, …)provider_config.api_key: "${TAVILY_API_KEY}"
external_agentThe external CLI binaries installed and logged in (claude, codex, …)Install each CLI, then run its login as the service user so the auth store lands in $HOME (e.g. claude /login, codex login)
redmine, bug_reportA reachable Redmine instance + API keyredmine: each user stores a redmine_api_key secret; bug_report: instance api_key in config
user_secrets, model_profiles, oauthauth.jwt_secret set, or these stores are written unencryptedAuthentication → jwt_secret
goals, scheduler_toolsThe scheduler + job queue (enabled by default)scheduler.enabled: true (default); see Configuration → scheduler
doc_editor, xlsx_editor, pptx_editor, filesync (SMB/UNC)Nothing extra — python-docx, openpyxl, python-pptx, smbprotocol ship in requirements.txt

Portable/frozen builds: the bundled Python dependencies above are included in the executable. Host binaries (bubblewrap, ripgrep, svn, Chromium, DB CLIs) and the external coding-agent CLIs are not bundled — install them on the host regardless of how you run Codumentor.

Workspace isolation prerequisites

The workspace_isolation plugin sandboxes each conversation in a per-session bubblewrap overlay filesystem. The scm_push and external_agent (tier ≥ 1) plugins, and subagents under subagent_isolation: isolated, all run inside this same sandbox — so these requirements apply to all of them.

RequirementMinimumNotes
OSLinuxUbuntu 22.04+ / Debian 12+ recommended. (No Windows/macOS host sandbox.)
Kernel5.11+For unprivileged overlayfs
bubblewrap0.8.0+Must be compiled with overlay support
AppArmorNeeds a profile if apparmor_restrict_unprivileged_userns=1 (Ubuntu 24.04+)

1. Check what you have

# Overlay support is the part most distro packages are missing:
bwrap --help | grep overlay      # no output → your bwrap lacks overlay support

# Convenience checker shipped with the plugin:
./src/codumentor/plugins/workspace_isolation/setup/check.sh

2. Install / build if needed

Most distributions ship bubblewrap without overlay support, so you usually have to build 0.8.0+ from source (the helper script automates it):

./src/codumentor/plugins/workspace_isolation/setup/setup.sh

On Ubuntu 24.04+, unprivileged user namespaces are restricted by AppArmor. bubblewrap relies on them, so the setup script installs an AppArmor profile at /etc/apparmor.d/bwrap that allows userns for the bwrap binary. (If you build bwrap to a different path, update the profile to match.)

3. Enable it

plugins:
  - module: codumentor.plugins.workspace_isolation
    class: WorkspaceIsolationPlugin
    priority: 5
    args:
      enabled: true
      persistent_home: true        # shared $HOME across agents (default)
      subagent_isolation: shared   # "shared" (default) or "isolated"
      snapshots:
        upper_dir_ttl: 2592000     # 30 d — writable overlay layer lifetime
        cleanup_interval: 3600     # sweep cadence (0 = startup only)
        min_free_gb: 5             # disk-pressure backstop
      sandbox:
        unshare_net: true         # block networking inside the sandbox (default)

See Configuration → Workspace Isolation Plugin for the full option table.

Speech (read-aloud / voice)

read_aloud (the "🔊 read aloud" message action) and Telegram voice replies share one top-level speech: block pointing at an OpenAI-compatible speech service:

speech:
  enabled: true
  base_url: "https://api.openai.com/v1"
  api_key: "${OPENAI_API_KEY}"
  tts_model: "tts-1"
  tts_voice: "alloy"

The read-aloud action lights up only when enabled: true and api_key resolves to a real value through an environment variable. A per-user ${secret:...} key will not work here, because the web read-aloud call runs outside an agent turn (where per-user secrets are resolved). Without a resolvable key the action renders disabled with an explanatory note.

External coding agents (external_agent)

Each configured backend (claude-code, codex, …) is a separate CLI that the main agent can delegate to. Two things must be true for a backend to work:

  1. The CLI binary is installed and on PATH for the service user (binary: defaults to claude, codex, opencode, gemini).
  2. A credential resolves at spawn time — otherwise the call is rejected, not spawned. How the credential is sourced depends on mode:

``bash
# as the user the Codumentor process runs as:
claude /login # populates ~/.claude
codex login # populates ~/.codex
``

Sandbox tier. default_sandbox_tier (and per-backend overrides) sets isolation: tier 0 runs the CLI as a plain subprocess; tier 1 wraps it in a bubblewrap overlay (repo read-only, copy-on-write) and can enforce memory/wall-clock limits via user-level systemd-run plus a network egress allow-list. Tier 1 needs bubblewrap — see Workspace isolation prerequisites. When workspace_isolation runs with persistent_home: true, that shared $HOME is what external agents see, so a one-time login persists across sessions.

See also