Managing Tool Permissions
Tool permissions provide fine-grained control over how Goose uses different tools within extensions. This guide will help you understand and configure these permissions effectively.
Understanding Tools and Extensions
Before diving into permissions, let's clarify the key components:
- Extensions are packages that add functionality to Goose (like Developer, Google Drive, etc.)
- Tools are specific functions within each extension that Goose can use
For example, the Developer extension includes multiple tools like:
- Text editor tool for file editing
- Shell tool for running commands
- Screen capture tool for taking screenshots
Goose performs best with fewer than 25 total tools enabled across all extensions. Consider enabling only the extensions you need for your current task.
Permission Levels
Each tool can be set to one of three permission levels:
| Permission Level | Description | Best For | Examples |
|---|---|---|---|
| Always Allow | Tool runs without requiring approval | Safe, read-only operations | • File reading • Directory listing • Information retrieval |
| Ask Before | Requires confirmation | State-changing operations | • File writing/editing • System commands • Resource creation |
| Never Allow | Tool cannot be used | Sensitive operations | • Credential access • System-critical files • Resource deletion |
Tool permissions work alongside Goose Permission Modes. The mode sets default behavior, while tool permissions let you override specific tools.
Configuring Tool Permissions
- Goose Desktop
- Goose CLI
You can configure tool permissions through either Manual or Smart Approval modes:
- Manual Approval
- Smart Approval
- Click
...in the upper right corner - Click
Advanced Settings - Under
Mode Selection, chooseManual Approval - Click on an extension name
- Use the dropdown next to each tool to set its permission level
In Smart Approval mode, Goose will automatically detect and allow read-only operations while requiring approval for state-changing actions.
- Click
...in the upper right corner - Click
Advanced Settings - Under
Mode Selection, chooseSmart Approval - Click on an extension name
- Use the dropdown next to each tool to set its permission level
- Run the configure command:
goose configure
- Select
Goose Settingsfrom the menu
┌ goose-configure
│
◆ What would you like to configure?
| ○ Configure Providers
| ○ Add Extension
| ○ Toggle Extensions
| ○ Remove Extension
| ● Goose Settings
└
- Choose
Tool Permission
┌ goose-configure
│
◇ What would you like to configure?
│ Goose Settings
│
◆ What setting would you like to configure?
│ ○ Goose Mode
│ ● Tool Permission
| ○ Tool Output
└
- Select an extension and configure permissions for its tools:
┌ goose-configure
│
◇ What setting would you like to configure?
│ Tool Permission
│
◇ Choose an extension to configure tools
│ developer
│
◇ Choose a tool to update permission
│ developer__image_processor
│
◆ Set permission level for tool developer__image_processor, current permission level: Not Set
│ ○ Always Allow
│ ● Ask Before (Prompt before executing this tool)
│ ○ Never Allow
└
Benefits of Permission Management
Review and update your tool permissions as your tasks change. You can modify permissions at any time during a session.
There are several reasons to configure tool permissions:
-
Performance Optimization
- Keep total enabled tools under 25 for best performance
- Disable tools you don't need for your current task
- Reduce context window usage and improve response quality
- Prevent tool decision paralysis
-
Security Control
- Restrict access to sensitive operations
- Prevent accidental file modifications
- Control system resource usage
-
Task Focus
- Enable only tools needed for current task
- Help Goose make better tool choices
- Reduce noise in responses
Example Permission Configuration
Task-Based Configuration
Configure permissions based on your current task:
Development Task:
✓ File reading → Always Allow
✓ Code editing → Ask Before
✓ Test running → Always Allow
✗ System commands → Ask Before
Documentation Task:
✓ File reading → Always Allow
✓ Markdown editing → Always Allow
✗ Code editing → Never Allow
✗ System commands → Never Allow