I read Goose's entire source code. Your security pipeline is the best I've seen in any open-source agent. #8401
Closed
NeuZhou started this conversation in Show and tell
Can you please stop posting these repetitive discussions? I am taking it that this is automatic and a bot.
not a bot, just enthusiastic about sharing the work. each discussion is written specifically for the project it's posted in — the goose one focuses on the security pipeline because that's genuinely the best part of goose's architecture. i won't spam more though, point taken.
I've been doing deep source code teardowns of AI agent projects for a while now -- not the docs, the actual implementations. Goose is the 12th one I've gone through.
The 5-inspector pipeline (Security, Egress, Adversary, Permission, Repetition) running before every tool call is genuinely well designed. Having the AdversaryInspector call the LLM itself to review suspicious tool calls is something I haven't seen anywhere else. The 31-key env var blocklist that blocks DLL injection through extension configs is a nice touch too.
I rated Goose A- overall. The only projects that come close on security are Codex CLI (OS-level sandboxing with seatbelt/landlock) and Claude Code (4-layer context cascade, though weaker on isolation).
A few things that stood out:
Full teardown with architecture diagrams: https://github.com/NeuZhou/awesome-ai-anatomy/tree/main/goose
Curious if any of the maintainers have thoughts on the security analysis, or if I got anything wrong.