Matrix Corporal is a program, which sits in front of your Matrix Synapse homeserver.
It changes Matrix Synapse's configuration to make it match a policy that you provide.
It also acts as a gateway to Matrix Synapse (sits in front of it), so that it can allow/deny requests according to the policy.
You need Matrix Corporal when you want better management of your Matrix chat server.
That would be when you're in a corporate (or other similar team environment), where you would want automatic management of your users and their membership in rooms.
Using Matrix Corporal is a way to say:
- these are my users that can use Matrix as of this moment
- this is how they authenticate
- these users need to be in this room
- these other users need to be in that other room.
.. and have Matrix Corporal continually set up your Matrix server accordingly.
Yes. Matrix Corporal only manages the users that are part of the users field in the policy.
If there's no user policy configuration for a user in the policy's users field, that user is left untouched by Matrix Corporal. Such users can be managed by yourself, manually.
The short answer is: no.
The long answer is: it depends.
Matrix Corporal cannot do a good job of ensuring that everything works according to the policy, unless it can intercept and deny API requests that attempt to configure things differently.
Additionally, Matrix Corporal requires capturing the login API to make user authentication work.
It might be possible to forward traffic selectively (just the "dangerous" or otherwise-necessary routes), but those might change in future matrix-corporal/Synapse versions, so it's not recommended doing.
Users are automatically joined and made to leave rooms according to the joinedRoomIds field in their user policy and to the global managedRoomIds policy field.
Users can create and join any room which is not listed in the global managedRoomIds policy field.
It's just rooms listed in the managedRoomIds that matrix-corporal cares about and controls tightly (requiring an explicit join rule in the joinedRoomIds list for that user).
Not for now. Matrix Corporal tries to do all its work by utilizing the Matrix server's client API.
Certain future features may require more tight coupling (and thus, database access), but there are no such features yet.
Not for now.
Attaching an email address to a user's profile cannot be done through the Matrix Client API, so Matrix Corporal also cannot do it.
It can be done if Matrix Corporal gets direct access to Matrix Synapse's database, but such integration hasn't been done yet. It may be done in the future.
Alternatively, the Shared Secret Authenticator password provider module may be modified, so that it would be able to do something similar, but such an implementation is deemed unclean at the moment.
Not for now.
Not that there are any other feature-complete homeservers at the time of writing this.. but..
Matrix Corporal tries to abstract away how it does things, so that other "connectors" can be implemented. It tries to do mostly everything through the specced Matrix API, so it can theoretically be made to work with other homeservers.
However, it does use a few Synapse-specific APIs (/admin/register and other /admin APIs), as well as a Synapse-specific password provider in the form of Shared Secret Authenticator.