Goose

What It Does

Goose is an open-source, on-machine AI agent built primarily in Rust (58%) and TypeScript (34%) by Block Inc. It goes beyond code suggestions to autonomously execute multi-step development workflows: building projects from scratch, writing and executing code, debugging failures, running tests, installing dependencies, and interacting with external APIs. It runs locally on the developer’s machine and supports any LLM provider (cloud or local). As of April 2026: 34.8k GitHub stars, 3.3k forks, 438 contributors, 126 releases (v1.29.1), 4,078 commits.

The architecture is MCP-native. Extensions are MCP servers that expose tools (functions) the agent can invoke. Goose also implements the Agent Client Protocol (ACP), allowing it to serve as a backend for editors (JetBrains, Zed) and to delegate tasks to external agents (Claude Code, Codex). Recipes package extensions, prompts, and settings into reusable, shareable agent configurations. The project was donated to the Linux Foundation’s Agentic AI Foundation (AAIF) in December 2025. On SWE-bench Verified, Goose scores approximately 45% with Claude Sonnet — significantly below Claude Code’s 72.7% with the same model — indicating the agentic scaffolding has meaningful room for improvement.

Key Features

MCP-native extension system: Every extension is an MCP server. Any of the 10,000+ public MCP servers can function as a Goose extension without custom integration code. MCP Roots support added in v1.28.0
Multi-provider LLM support: Works with Anthropic, OpenAI, Google, local models via Ollama, and any OpenAI-compatible API. Supports multi-model configurations and Claude adaptive thinking (v1.28.0). Can use existing Claude/Gemini/ChatGPT subscriptions via ACP
Agent Client Protocol (ACP): Bidirectional agent delegation — Goose can serve as an ACP server for editors, and delegate to external ACP agents like Claude Code or Codex
Recipes and sub-recipes: Shareable YAML configurations that package extensions, system prompts, and settings into reusable agent profiles. Sub-recipe delegation added in v1.29.0 for composable workflows
40+ built-in extensions: Git operations, Docker management, Kubernetes, database queries, web scraping, file operations, shell execution
Adversary Agent (v1.28.0): Independent hidden agent that monitors tool calls in real-time to detect risky actions (data exfiltration, unauthorized access, prompt injection) without user interruption — replacing the noisier permission-approval model
Code Mode: Reduces context degradation during extended sessions by optimizing how code context is maintained, addressing the “context rot” problem where long sessions cause the agent to forget earlier instructions
Goosetown multi-agent orchestration: Multi-agent layer enabling parallel agent coordination on the same codebase, inspired by Gas Town patterns
macOS sandbox: Apple sandbox technology integration for controlling file access, network connections, and process restrictions on macOS (v1.25.0)
Prompt injection detection: Built-in ML-based detection for potentially harmful commands, with self-hosted classification API for enterprise deployments
Context management: Auto-compaction at 80% context window threshold via summarization, plus a Memory extension for cross-session knowledge persistence
Desktop and CLI interfaces: Electron desktop app and terminal CLI, both backed by the same Rust core (goosed server binary) with cryptographic self-update verification (v1.29.0)

Use Cases

Autonomous development workflows: Building full-stack applications from natural language descriptions, including dependency installation, code generation, testing, and debugging
Non-engineering team enablement: Block reports using Goose for SQL queries by support teams, data analysis by business teams, and workflow automation by non-technical staff
Custom agent configurations: Packaging domain-specific extensions and prompts into recipes for team-wide distribution (e.g., a “security review” recipe or “data pipeline” recipe)
Editor backend: Running as an ACP server behind JetBrains IDEs or Zed editor for integrated AI assistance
Local-first development: Teams with data residency, compliance, or air-gap requirements can run Goose with local models and no cloud dependencies

Adoption Level Analysis

Small teams (<20 engineers): Good fit with caveats. Installation is straightforward (Homebrew, npm, Docker). The tool is free, and local model support avoids API costs. However, initial setup and configuration can be rough — community reports indicate Goose is “not really usable out of the box” and requires tuning of extensions, model selection, and recipes to get reliable results. Small teams willing to invest setup time get a capable, flexible agent.

Medium orgs (20-200 engineers): Reasonable fit. The recipes system enables standardization across teams. MCP-native architecture allows building internal extensions. ACP support enables editor integration. However, security overhead is real: Operation Pale Fire demonstrated that recipes and MCP servers are attack vectors, requiring vetting processes. Context window management and model cost optimization require operational expertise. No built-in team management, audit logging, or centralized configuration.

Enterprise (200+ engineers): Not yet a natural fit. No centralized management, no enterprise SSO, no built-in audit trails, no role-based access control. The macOS sandbox and adversary mode are useful security features but are not enterprise-grade governance. Block itself uses Goose at scale, but they have the advantage of being the maintainer with dedicated internal tooling teams. External enterprises would need to build significant infrastructure around Goose to meet compliance requirements.

Alternatives

Alternative	Key Difference	Prefer when…
Claude Code	72.7% SWE-bench vs Goose’s ~45%, superior hooks/Agent SDK, $200/month	Budget allows subscription, need best-in-class code quality on complex tasks
OpenHands	Model-agnostic like Goose but with SDK, GUI, cloud deployment, ICLR 2025 paper	Need a research-backed autonomous agent with cloud deployment option
Cursor	IDE-integrated, polished UX, flow-optimized	Primary need is code completion and in-editor assistance, not autonomous workflows
Aider	Python-based, git-integrated, simpler architecture	Need a lightweight git-aware coding assistant without full agent autonomy
OpenCode	MIT-licensed, multi-provider, TUI + desktop + IDE extensions	Want similar open-source flexibility with IDE integration and simpler setup
Gas Town	Multi-agent orchestrator for 20-30 parallel Claude Code instances	Need fleet-scale parallel agent coordination beyond Goosetown’s scope

Evidence & Sources

Notes & Caveats

SWE-bench gap is real and significant. Third-party comparisons show ~45% on SWE-bench Verified vs Claude Code’s 72.7% with the same model. Block has not published official benchmark results despite community requests (GitHub issue #895). This 27-point gap means Goose’s agentic scaffolding significantly underperforms Claude Code’s on complex tasks. The gap narrows for routine development but is material for hard problems.
Productivity claims are vendor-sourced and unverified. The “90% of code written by Goose” claim comes from the tool’s creator. The “75% of developers save 8-10 hours/week” claim appeared alongside Block’s 4,000-person layoff announcement. No independent productivity study has been published. Treat all productivity numbers as marketing until independently validated.
Context rot is a known problem. Long-running sessions degrade output quality as the agent “forgets” earlier instructions. Goose mitigates this with auto-compaction at 80% context window threshold and a Memory extension for cross-session persistence. Code Mode (February 2026) further addresses this for coding tasks. However, industry data suggests that at 95% per-step reliability over 20 steps, combined success drops to 36%.
Operation Pale Fire exposed real security risks. Block’s own red team successfully used a poisoned recipe with invisible Unicode characters to compromise a developer’s machine. The new Adversary Agent (v1.28.0) aims to address this, but no independent security audit of the feature has been published. The approach of using a second LLM to monitor the first introduces its own failure modes and doubles API costs.
Onboarding friction has been partially addressed. v1.28.0 introduced a redesigned onboarding flow, responding to community feedback that Goose required significant configuration to be useful. The improvement has not been independently assessed.
MCP compliance lag. The team acknowledges being current with the March MCP spec but not the June 2025 update. In a fast-moving protocol ecosystem, falling behind on spec compliance can create interoperability issues. MCP Roots support was added in v1.28.0.
Block layoff context. Block cut 4,000 employees (40% of workforce) in February 2026, explicitly citing AI productivity as a factor. Goose’s productivity narrative is inseparable from this corporate strategy. The project’s long-term health depends on Block maintaining investment post-layoffs. The AAIF donation provides governance protection but not contribution guarantees. Contributor count growth (350+ to 438 in one month) is a positive signal.
API costs are real. While the tool is free, heavy autonomous workflows with cloud LLMs can easily exceed the cost of commercial alternatives like Claude Code. The Adversary Agent feature approximately doubles LLM costs for monitored sessions. The “free” framing is misleading for intensive use.
No enterprise governance built in. No centralized config management, audit trails, SSO, RBAC, or compliance reporting. Enterprise users must build this infrastructure themselves.
Permission fatigue. The traditional approach of asking user approval for every tool call leads to fatigue where users stop reading and auto-approve, degrading security. The Adversary Agent is meant to reduce this, but the tradeoff shifts cost from user attention to API spend.