Skip to main content

Managing Tool Permissions

Tool permissions provide fine-grained control over how Goose uses different tools within extensions. This guide will help you understand and configure these permissions effectively.

Understanding Tools and Extensions

Before diving into permissions, let's clarify the key components:

  • Extensions are packages that add functionality to Goose (like Developer, Google Drive, etc.)
  • Tools are specific functions within each extension that Goose can use

For example, the Developer extension includes multiple tools like:

  • Text editor tool for file editing
  • Shell tool for running commands
  • Screen capture tool for taking screenshots
Performance Optimization

Goose performs best with fewer than 25 total tools enabled across all extensions. Consider enabling only the extensions you need for your current task.

Permission Levels

Each tool can be set to one of three permission levels:

Permission LevelDescriptionBest ForExamples
Always AllowTool runs without requiring approvalSafe, read-only operations• File reading
• Directory listing
• Information retrieval
Ask BeforeRequires confirmationState-changing operations• File writing/editing
• System commands
• Resource creation
Never AllowTool cannot be usedSensitive operations• Credential access
• System-critical files
• Resource deletion
info

Tool permissions work alongside Goose Permission Modes. The mode sets default behavior, while tool permissions let you override specific tools.

Configuring Tool Permissions

  1. Run the configure command:
goose configure
  1. Select Goose Settings from the menu
┌ goose-configure

◆ What would you like to configure?
| ○ Configure Providers
| ○ Add Extension
| ○ Toggle Extensions
| ○ Remove Extension
| ● Goose Settings

  1. Choose Tool Permission
┌   goose-configure

◇  What would you like to configure?
│  Goose Settings

◆  What setting would you like to configure?
│  ○ Goose Mode
│  ● Tool Permission
|  ○ Tool Output

  1. Select an extension and configure permissions for its tools:
┌   goose-configure

◇  What setting would you like to configure?
│  Tool Permission 

◇  Choose an extension to configure tools
│  developer 

◇  Choose a tool to update permission
│  developer__image_processor 

◆  Set permission level for tool developer__image_processor, current permission level: Not Set
│  ○ Always Allow 
│  ● Ask Before (Prompt before executing this tool)
│  ○ Never Allow

Benefits of Permission Management

tip

Review and update your tool permissions as your tasks change. You can modify permissions at any time during a session.

There are several reasons to configure tool permissions:

  1. Performance Optimization

    • Keep total enabled tools under 25 for best performance
    • Disable tools you don't need for your current task
    • Reduce context window usage and improve response quality
    • Prevent tool decision paralysis

  2. Security Control

    • Restrict access to sensitive operations
    • Prevent accidental file modifications
    • Control system resource usage

  3. Task Focus

    • Enable only tools needed for current task
    • Help Goose make better tool choices
    • Reduce noise in responses

Example Permission Configuration

Task-Based Configuration

Configure permissions based on your current task:

Development Task:
✓ File reading → Always Allow
✓ Code editing → Ask Before
✓ Test running → Always Allow
✗ System commands → Ask Before

Documentation Task:
✓ File reading → Always Allow
✓ Markdown editing → Always Allow
✗ Code editing → Never Allow
✗ System commands → Never Allow