Our newest project is taking flight: meet codename goose! 🪶 Today, we launched an open source on-machine AI Agent. It’s modular, works with your preferred LLM, and integrates seamlessly with developer tools and other software via MCP. Developers, check it out! block.github.io/goose/blog/2... - ThreadSky

About ThreadSky

opensource.block.xyz • 32 days ago

Our newest project is taking flight: meet codename goose! 🪶

Today, we launched an open source on-machine AI Agent. It’s modular, works with your preferred LLM, and integrates seamlessly with developer tools and other software via MCP.

Developers, check it out!
https://block.github.io/goose/blog/2025/01/28/introducing-codename-goose/

Comments

aftd.dev•31 days ago

It seems like Goose can execute arbitrary shell commands based on LLM responses -- e.g. it offered to install rg and was able to do so using brew.

On one hand, this is handy. On the other, it's utterly fucking terrifying. Is there some way to restrict commands besides asking the LLM nicely?

angiejones.tech•31 days ago

yes you can write instructions in goosehints to tell it to have you confirm its plan before it moves on to execution

https://block.github.io/goose/docs/guides/using-goosehints

aftd.dev•31 days ago

My understanding is that goosehints are still parsed by the LLM though?

I'd like something more deterministic. Like an ACL or regex controlling access to files that's directly checked by whatever tool is used for file access, not the LLM.

pkej.bsky.social•11 days ago

Can’t you give it its own user and group and restrict access to it thus?

aftd.dev•11 days ago

Yeah, that's probably the best path forward, although I haven't figured out how to make this work with the GUI app.

musselwhite.dev•11 days ago

Goose needs default safeguards like getting confirmation for changes using something that is elevated and separate from the LLM's chat to provide the needed assurance. Letting the LLM decide if it has permission to change files is wild. We shouldn't have to isolate a dev tool like its a virus.

lux.bsky.social•11 days ago

is it doing so via the MCP fileaccess tool? You can set allowed paths in the json config

aftd.dev•10 days ago

I don't think so? I'm looking at the `text_editor` tool here and it doesn't seem to check allowed paths anywhere.

There's also a shell tool that just straight up passes LLM output to Bash.

Posting Rules

Be respectful to others
No spam or self-promotion
Stay on topic
Follow Bluesky's terms of service

Comments

Posting Rules

Reply