Skip to content

Approved Tools

Tools that have been security-reviewed and are pre-approved for agent use. Check this list before installing anything. If a tool is not listed, request approval in Discord #admin.

Python Packages (pip)

Package Install Purpose Reviewed Notes
mkdocs-material pip install mkdocs-material Documentation site generation 2026-03-15 Includes mkdocs core, pymdownx, mermaid support
websockify pip install websockify noVNC proxy (WebSocket to VNC) 2026-03-15 Used on Mac Mini M4 for noVNC

TTS engines (Mac Mini, run-the-docs Claude Code series)

Reviewed 2026-06-07 — see security review. All confirmed local-inference, no telemetry, no exfiltration in audited paths; commercial-use OK. Install per the review's hash-locked plan (chatterbox --no-deps, or two isolated venvs — transformers==5.2.0 vs 4.57.3 cannot coexist), and run offline (HF_HUB_OFFLINE=1) after the first-run weight download. Never enable the Qwen DashScope cloud path; never pass remote reference-audio URLs.

Package Install Purpose Reviewed Notes
chatterbox-tts pip install --no-deps "chatterbox-tts==0.1.7" Multilingual zero-shot local TTS narration (Resemble AI) 2026-06-07 MIT, commercial-use OK. --no-deps to avoid the transformers==5.2.0/diffusers==0.29.0 clash with qwen-tts. Embeds benign Perth watermark (attribution only, no exfil, no commercial block). Run offline after weight download.
resemble-perth pip install "resemble-perth>=1.0.0" Imperceptible audio watermark used by chatterbox-tts 2026-06-07 MIT. Checkpoint bundled in wheel. Pure local inference, zero network calls.
qwen-tts pip install "qwen-tts==0.1.1" Qwen3-TTS local TTS / voice clone (Alibaba, import qwen_tts) 2026-06-07 Apache-2.0, commercial-use OK. No watermark. DO NOT use the DashScope cloud path; voice-clone refs = local paths only. Official QwenLM package (not a wrapper).
s3tokenizer pip install s3tokenizer Speech tokenizer backbone for chatterbox-tts 2026-06-07 Apache-2.0. Downloads ONNX from modelscope.cn with SHA256 verification. No telemetry.
conformer pip install "conformer==0.3.2" Conformer module (chatterbox sub-dep) 2026-06-07 MIT (lucidrains). Pure PyTorch, no network.
diffusers pip install "diffusers==0.29.0" Diffusion components (chatterbox sub-dep) 2026-06-07 Apache-2.0 (HuggingFace). HF model hub only, no telemetry.
omegaconf pip install omegaconf Config loading (chatterbox sub-dep) 2026-06-07 BSD-3-Clause. No network.
pykakasi pip install "pykakasi==2.3.0" Japanese kana/kanji conversion (chatterbox sub-dep) 2026-06-07 GPL-3.0 — copyleft applies to code redistribution only, NOT to generated audio. Local-only, no network.
spacy-pkuseg pip install spacy-pkuseg Chinese word segmentation (chatterbox sub-dep) 2026-06-07 MIT (Explosion). Model downloads from GitHub releases. No telemetry.
pyloudnorm pip install pyloudnorm Loudness normalization (chatterbox sub-dep) 2026-06-07 MIT. Pure DSP, no network.
einops pip install einops Tensor ops (qwen/chatterbox sub-dep) 2026-06-07 MIT. No network.

Not yet approved — needs its own review: uv (Astral) and uv-managed CPython 3.12 are used on the Mac Mini to build the TTS venvs (brew python@3.12 ships a broken pyexpat). They are not covered by the TTS review above; file a separate security review before listing them here.

Node.js Packages (npm/npx)

Package Install Purpose Reviewed Notes
wrangler npx wrangler Cloudflare Workers/Pages CLI 2026-03-14 Deploy workers, pages, D1, KV

Homebrew (macOS only)

Package Install Purpose Reviewed Notes
xcodegen brew install xcodegen Generate .xcodeproj from project.yml Pre-existing All iOS apps depend on this
displayplacer brew install displayplacer Display resolution management 2026-03-15 Used for VNC display debugging
gh brew install gh GitHub CLI Pre-existing Core tool for all agents
bw brew install bitwarden-cli (or GitHub release, checksum-verified) Bitwarden personal-vault CLI 2026-05-25 (Pre-existing — Ops-E v0 uses since 2026-05-23) Bitwarden Inc., open-source. Reads personal-vault items via bw login --apikey + bw unlock --passwordenv BW_PASSWORD --raw. Used by encrypt-secret.yml, rotate-discord-webhook-url.yml, delete-discord-webhook.yml in dashecorp/rig-gitops. Requires master password in BW_PASSWORD GHA secret — see decisions/2026-05-25-ops-e-v0-bws-vs-rotation.md for the BWS-migration option that obviates that requirement.
bws brew install bws (or GitHub release, checksum-verified) Bitwarden Secrets Manager CLI 2026-05-25 Separate product from bw personal-vault CLI; same vendor (Bitwarden Inc.), same open-source Rust client base. Authenticates via BWS_ACCESS_TOKEN env var only — no master password required. Stateless per invocation. Used by the Ops-E v0 BWS migration path (see decisions/2026-05-25-ops-e-v0-bws-vs-rotation.md).
asciinema brew install asciinema Record a live terminal session (e.g. a real Claude Code run) to a local .cast 2026-06-06 v3.2.0, homebrew/core (SHA256-verified bottle). Rust; no browser/server in the record path. No telemetry; upload/auth are explicit opt-in and MUST NOT be used. Never type/show secrets during capture — .cast is plaintext JSON, grep it for secrets before sharing. Pin version; re-review before bump. See security review.
agg brew install agg Render an asciinema .cast to an animated GIF (then ffmpeg → MP4) 2026-06-06 v1.9.0, homebrew/core (SHA256-verified bottle). Rust; local-only rendering (gifski/resvg). No network when rendering from a local .cast (the only supported use); agg --input <URL> has an outbound fetch path — do not use it. No telemetry. Pin version; re-review before bump. See security review.
ffmpeg brew install ffmpeg Audio/video transcode, mux, and compositing — TTS narration muxing, asciinema+agg → MP4, 4:5/Ken-Burns video assembly Pre-existing (2026-06-07 documented) Long-standing dependency of the /dashecorp-video and /run-the-docs pipelines (the final encoder for asciinema+agg recordings). Install from homebrew-core only; pin the reviewed version (8.1.1) and re-review before a major bump.
vhs brew install vhs Scripted synthetic terminal demos (.tape → GIF/MP4/WebM) 2026-06-06 (APPROVE-WITH-CONDITIONS) MIT, homebrew/core. HIGH-RISK: .tape files execute arbitrary shell; go-rod auto-downloads a ~600 MB Chromium from Google/NPM/Playwright CDNs. Author tapes in-house only; pre-stage/pin Chromium + block CDN egress; keep the default sandbox (never VHS_NO_SANDBOX); never --publish/VHS_PUBLISH; never vhs serve. Not for recording live sessions — use asciinema+agg. See security review.

System Tools (pre-installed or OS-provided)

Tool Purpose Notes
git Version control Pre-installed
python3 Scripting, MkDocs Pre-installed on macOS
node/npm JavaScript runtime Pre-installed via Homebrew
docker Container runtime On Dell, Pi-E, Volt-E
kubectl Kubernetes CLI On Dell
tailscale Mesh networking On all hosts
ssh/scp Remote access On all hosts
curl/wget HTTP requests On all hosts
tmux Terminal multiplexer — drives the interactive claude TUI for the claude-tmux provider in the rig agent image, and is the recorder backbone of the run-the-docs Claude Code series Reviewed 2026-06-15. BSD-2-Clause (OpenBSD project, ~20 yrs maintained). apt install tmux (Debian main) baked into dashecorp/rig-agent-runtime Dockerfile.base; brew install tmux (homebrew-core) on the Mac Mini. Local PTY/terminal multiplexing only (libevent + ncurses) — no network, telemetry, auto-update, or remote-fetch in any code path. Pin via the distro package; re-review before a major bump.

GitHub Actions (SHA-pinned)

Action SHA Version Purpose
actions/checkout de0fac2e4500dabe0009e67214ff5f5447ce83dd v6 Checkout repo
actions/setup-python a309ff8b426b58ec0e2a45f0f869d46889d02405 v6 Python setup
actions/setup-node 53b83947a5a98c8d113130e565377fae1a50d02f v6 Node.js setup
actions/github-script ed597411d8f924073f98dfc5c65a23a2325f34cd v8 GitHub API scripting
googleapis/release-please-action c3fc4de07084f75a2b61a5b933069bda6edf3d5c v4 Release management
cloudflare/wrangler-action da0e0dfe58b7a431659754fdf3f186c529afbe65 v3 CF deployments

MCP Servers (approved for Claude Code)

See mcp-servers.md for the full list. All MCP servers listed there are approved.

Process: Requesting a New Tool

  1. Agent posts to Discord #admin: "Need tool-name for task. Package source: npm/pip/brew. Purpose: why."
  2. Codi-E or human reviews:
  3. Author/maintainer trust (age, stars, contributors)
  4. Source code audit (network calls, permissions, data exfil)
  5. Compare to official alternatives
  6. Check if broad permissions needed (filesystem, network, admin)
  7. If approved → add to this file via PR
  8. If rejected → find alternative or build our own
  9. NEVER install an unapproved tool — this is a security boundary

What Agents Must Do

Before installing ANY package:
1. Check this file (approved-tools.md)
2. Listed? → Install
3. Not listed? → Post to #admin, wait for approval
4. NEVER skip this check