Hi Angie love the fact that you use all those MCPs!
I'm curious, how do you make sure all the actions are observable and auditable?
Are you like using centralised MCPs for the whole team so you can apply fine-grainde access control rules? How do you make sure Goose just has the permissions it need for the specific task and not more?
Head of AI Tools & Enablement, Block. Certified Java Programmer and Java Champion. International Keynote Speaker. GitHub Star. Master Inventor w/ 27 patents.
Head of AI Tools & Enablement, Block. Certified Java Programmer and Java Champion. International Keynote Speaker. GitHub Star. Master Inventor w/ 27 patents.
some of the MCP servers like GitHub have granular scopes. But even if not, within Goose, we allow users to assign permissions to each tool within an MCP server
However, what I meant was truly fine-grained authorizations at an "argument" level.
We're noticing, just like with standard apps, that companies would like to give Agents specific permissions.
Something like: "read_message_tool" only for "work" emails, or "send" only "during working hours".
Those permissions need to be changed live, just as access to a G Drive Doc for humans, based on the task the Agent is doing. This is necessary for lot of companies we're speaking with, as they do not want to just let the Agent inherit ALL the permissions from the human it is acting on behalf of.
Have you ever thought about that? I'd love to discuss that with you
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Hi Angie love the fact that you use all those MCPs!
I'm curious, how do you make sure all the actions are observable and auditable?
Are you like using centralised MCPs for the whole team so you can apply fine-grainde access control rules? How do you make sure Goose just has the permissions it need for the specific task and not more?
Langfuse! block.github.io/goose/docs/tutoria...
That makes a lot of sense for monitoring and audit!
But what about Fine-grained access control? How do you make sure Goose just has the permissions it need for the specific task and not more?
some of the MCP servers like GitHub have granular scopes. But even if not, within Goose, we allow users to assign permissions to each tool within an MCP server
This is one of the reasons we love Goose!
However, what I meant was truly fine-grained authorizations at an "argument" level.
We're noticing, just like with standard apps, that companies would like to give Agents specific permissions.
Something like: "read_message_tool" only for "work" emails, or "send" only "during working hours".
Those permissions need to be changed live, just as access to a G Drive Doc for humans, based on the task the Agent is doing. This is necessary for lot of companies we're speaking with, as they do not want to just let the Agent inherit ALL the permissions from the human it is acting on behalf of.
Have you ever thought about that? I'd love to discuss that with you