aljaz/goose
1
0
Fork 0
mirror of https://github.com/aljazceru/goose.git synced 2025-12-18 14:44:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

allowlist blocks and shift SSE to warning (#2445)

Browse Source
This commit is contained in:
Michael Neale
2025-05-07 23:44:52 +10:00
committed by GitHub
parent cc2b8f715f
commit c0b79873b5
4 changed files with 90 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
crates/goose-server/ALLOWLIST.md
View File

@@ -1,3 +1,5 @@
IMPORTANT: currently GOOSE_ALLOWLIST is used in main.ts in ui/desktop, and not in goose-server. The following is for reference in case it is used on the server side for launch time enforcement.
# Goose Extension Allowlist
The allowlist feature provides a security mechanism for controlling which MCP commands can be used by goose.
@@ -24,9 +26,11 @@ If this environment variable is not set, no allowlist restrictions will be appli
In certain development or testing scenarios, you may need to bypass the allowlist restrictions. You can do this by setting the `GOOSE_ALLOWLIST_BYPASS` environment variable to `true`:
```bash
export GOOSE_ALLOWLIST_BYPASS=true
# For the GUI, you can have it show a warning instead of blocking (but it will always show a warning):
export GOOSE_ALLOWLIST_WARNING=true
```
When this environment variable is set to `true` (case insensitive), the allowlist check will be bypassed and all commands will be allowed, even if the `GOOSE_ALLOWLIST` environment variable is set.
## Allowlist File Format