Goose Extension Allowlist
Goose is an extensible framework that, by default, allows you to install any MCP server. However, you may want stricter controls on which MCP servers can be installed as extensions (e.g. in a corporate setting).
This guide explains how you can create an allowlist of safe extensions that work with Goose Desktop and CLI. An allowlist lets administrators control which MCP servers can be installed as Goose extensions. When enabled, Goose will only install extensions that are on the list, and will block installation of any others.
How It Works
- The allowlist is a YAML file that contains a list of allowed extension commands.
- Goose fetches the allowlist from a URL specified by the
GOOSE_ALLOWLIST
environment variable. - The allowlist is fetched when first needed and is cached. It is refetched on every restart of Goose.
- When a user attempts to install an extension, Goose checks the MCP server's installation command against the allowlist.
- If the command is not in the allowlist, the extension installation is rejected.
Configuration
1. Create and Deploy Allowlist
The allowlist must be a YAML file with the following structure:
extensions:
- id: extension-id-1
command: command-name-1
- id: extension-id-2
command: command-name-2
# ... more extensions
Example
In this example, only the Slack, GitHub, and Jira extensions can be installed:
extensions:
- id: slack
command: uvx mcp_slack
- id: github
command: uvx mcp_github
- id: jira
command: uvx mcp_jira
After creating the allowlist, you must deploy it to a URL.
2. Set Environment Variable
Create an environment variable called GOOSE_ALLOWLIST
and set the value to the URL of your YAML file:
export GOOSE_ALLOWLIST=https://example.com/goose-allowlist.yaml
You can also add this export to your shell configuration file (On a Mac, it's your ~/.bashrc
or ~/.zshrc
file).
If this environment variable is not set, no allowlist restrictions are applied. With no restrictions, all extensions can be installed.
Best Practices
To effectively use the allowlist with exact matching:
- Specify commands: Define the exact command string that you want to allow.
- Include full paths: If you want to allow a command only from a specific path, include the full path in the allowlist.
- Audit regularly: Review your allowlist frequently to ensure it only contains the commands you intend to allow.
- Use HTTPS: Use an HTTPS URL for your allowlist to prevent man-in-the-middle attacks.
- Restrict edit access: Ensure that only authorized users can edit the allowlist.
- Validate entries: Carefully review the allowlist to ensure only trusted commands are included.
- Monitor installations: Watch for rejected commands during extension installation, which might indicate attempted abuse.
Troubleshooting
If extensions are being rejected unexpectedly:
- Check if the
GOOSE_ALLOWLIST
environment variable is set correctly. - Verify that the allowlist file is accessible from the server.
- Ensure the allowlist file is properly formatted YAML.
- Check server logs for any errors related to fetching or parsing the allowlist.
- Verify that the command in the extension installations exactly matches what's in the allowlist.