Skip to content

Goose

v1.36.0 Feature

This release adds 5 notable features for engineering teams evaluating rollout.

Published 7d AI Agents & Assistants
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

acp ai ai-agents mcp

Affected surfaces

rce_ssrf

Summary

AI summary

Broad release touches 🐛 Bug Fixes, ✨ Features, 🔧 Improvements, and 📚 Documentation.

Full changelog

✨ Features

  • TUI command on goose-cli #9385
  • TUI diff viewer #9260
  • goose review local code review command #9114
  • /goal command for agent self-evaluation before finishing #9069
  • Hooks system for PreToolUse denial and extensibility #9093, #9304
  • Slash commands (built-in, skill, recipe) in ACP server #9238
  • Open-plugins generalization + skills #9112
  • Summon subagent instructions #9325
  • Unified thinking effort control across all providers #9242
  • NEAR AI Cloud provider #9352
  • Scaleway provider #9254
  • Vercel AI Gateway provider #9144
  • Atomic Chat declarative OpenAI-compatible provider #9210
  • Routstr declarative provider #9175
  • FuturMix provider #8840
  • oMLX declarative provider #9177
  • Harbor eval runner #9138
  • goose://resume and goose://new-session deep links #9343, #9196
  • MAX_CODE_BLOCK_LINES configurable via env vars #9301
  • Honor GOOSE_FAST_MODEL env var in ModelConfig #9296
  • GPT-5.5 in known models #9292
  • Paginate ACP session list #9199
  • Pass session cwd param to ACP providers #9229
  • Opt-in to Vercel AI gateway leaderboard #9259
  • GOOSE_OAUTH_CALLBACK_PORT for stable OAuth redirect_uri #9209
  • Proactive OAuth token refresh to avoid re-auth on every session #8386
  • Strip chain-of-thought markers from custom provider output #8635
  • Encrypted Nostr session sharing #8922
  • Simplified Chinese (zh-CN) translation #8765
  • Russian language support #9406
  • Turkish desktop locale #9392
  • Nushell terminal and completion support #8628
  • Optional --parameters flag for scheduled recipes #8741
  • Quarterly option for scheduler #9076
  • GitHub Copilot /responses API support #9043
  • Worktree-aware directory switcher #8450
  • Chat history search feature #8448
  • Projects as backend sources with system prompt injection #8739
  • Linux Vulkan support for local inference #9038
  • Linux musl CLI builds #9240
  • Windows CUDA release artifacts #8750
  • GOOSE_DISABLE_TOOL_CALL_SUMMARY env var #8947

🐛 Bug Fixes

  • Tolerate missing responses output #9449
  • Stop main window growing taller on every launch #9409
  • Desktop chat search session limiting #9366
  • Serialize per-session agent creation to stop duplicate MCP init #9357
  • Respect GOOSE_MAX_TURNS in gateway sessions #9354
  • Send empty object instead of null for Anthropic tool_use input #9355
  • Preserve thinking content for provider context #9314
  • Mention configurable timeout env vars in Ollama stream stall error #9246
  • Include full recipe parameter details in load/discovery output #9233
  • Remove unused fetch-metadata IPC handler (SSRF) #9340
  • Use context limit from /model/info for LiteLLM custom models #9303
  • Plain > prompt instead of goose emoji in CLI #9305
  • Stop killing goosed when a window closes #9302
  • Emit trace_output as span attribute instead of event #9255
  • Check file fallback when keyring has no entry #9279
  • Align sidebar hamburger in macOS fullscreen #9257
  • Use current_exe() instead of PATH lookup when spawning goose #9236
  • Set TCP_USER_TIMEOUT on streamable HTTP clients #9207
  • Activate custom provider after adding via configure #9213
  • Flush OTLP traces reliably on exit with configurable timeout #9228
  • Reduce excessive MISSING_TRANSLATION warnings for fallback locales #9294
  • Eliminate cross-window deep link contamination #9273
  • Improve Telegram gateway error reporting and connection reliability #9223
  • Enable VT processing on Windows Console Host #9248
  • Zero out cost for local providers (ollama, local) #9219
  • Resolve Azure CLI on Windows by using az.cmd #9215
  • Handle non-interactive terminal in goose configure on Windows #9214
  • Persist accumulated cost in session DB to survive reload #9191
  • Prevent tool-use marker leakage in toolshim output #8310
  • Re-apply canonical limits when delegate overrides model #9183
  • Report cumulative total_tokens in stream-json/json output #8910
  • Refresh GCP metadata server token on expiration #8929
  • Apply request_params to outgoing OpenAI API payload #9151
  • Gemini 3.x known_location Global routing entries #9142
  • Coalesce streaming Thinking deltas + list available tools on not-found #9162
  • Honor Retry-After on 429 responses #9161
  • Preserve user-set session name for recipe-based chats #9079
  • Enforce exp independently of MAX_TOKEN_AGE_SECONDS in OIDC proxy #8839
  • Improve inline code contrast in light theme #9058
  • Omit max_tokens for OpenAI-compatible requests when unset #9123
  • Set correct MCP-app host capabilities #9116
  • Normalize nullable schemas for Vertex Gemini compatibility #8930
  • Isolate GitHub recipe temp paths #8878
  • Set X-Initiator header on GitHub Copilot requests #8809
  • Honor dynamic_models: false in declarative provider configs #8795
  • Cache trailing message for stable prefix across Bedrock agent turns #8916
  • Case-insensitive model name lookup for context_limit #8906
  • Handle Bedrock ReasoningContent blocks gracefully #8843
  • Ensure parallel tool image responses don't interleave on Databricks #9241
  • Insert tool pair summaries at chronological position in conversation #9087
  • Enable SQLite foreign key enforcement in session pool #9121
  • Deleted chat session still appears in sidebar list #8674
  • Correct WSL2 OS detection by removing PWD-based Windows override #8869
  • Accept null tool_call arguments in OpenAI streaming chunks #9035
  • Use python3 in developer extension instructions for macOS/Linux #8784
  • Synchronously reap ACP child to avoid SIGCHLD race #9023
  • Elicitation fixes #8999
  • Return 400 instead of panicking on invalid CSP header value #8810
  • Keep SSE reconnect loop alive on long disconnects #8846
  • Convert quoted numeric config values to numbers if needed #8844
  • Use appInfo instead of clientInfo in MCP Apps init handshake #9249
  • Use mkdir -p for self-test workspace initialization #9247
  • Exclude preprompt from session title generation #8793
  • Prevent login-shell PATH probe from suspending goose on startup #8804

🔧 Improvements

  • Local inference: stricter GGUF requirements, auto detection of tool calling support, fixed thinking output parsing #9442
  • Simplify UI customization #9353
  • Build summon instructions per turn #9329
  • Protocol cleanup #9147
  • Dependency hygiene #9360
  • Preserve selected branch across project chats #9010
  • Prompt injection mitigation: update pattern-based detection to reduce FPs #9350
  • Surface resolved Databricks model metadata #9206
  • Include request URL in provider error messages #9232
  • Flag for login shell PATH #9313
  • Remove popular chat topics from new chat screen #9307
  • Structured per-provider config block, non-destructive provider switching #8977
  • TUI spacing/layout improvements #9243
  • Preserve thinking content for providers that require it #8857
  • Dynamically refresh skill instructions each turn #9217
  • Better parsing of pasted HTML as markdown #9190
  • Show tool name in approval prompt #9216
  • Localize hardcoded strings in provider settings UI #8931
  • Move settings into app shell #9047
  • Location column in CLI skills table #8785
  • Consolidate logging setup into shared helper #8817
  • Support optional api_key configuration for declarative openai-engine providers #9202
  • Remove vendored Windows binaries #9318
  • Polish sidebar and context panel #9059
  • Polish inline code snippet styling #9011
  • Refresh onboarding when provider catalog loads #9051
  • Recipe discovery/execution in ACP server #8925
  • Group consecutive tool calls into one summarized chain card #8995
  • Replace artifact heuristics/regexes with protocol messages #8996
  • Improvements to LM Studio declarative provider #8973
  • Parallelize provider resolution and eagerly init SQLite pool #8899
  • Deduplicate _goose/providers/list RPC call at startup #8873
  • Native arm64 runners for Linux artifact builds #9075
  • ACP streamable HTTP spec compliance #9034
  • Provider-first onboarding #9039
  • Redesign extensions page #8940
  • Redesign skills library #8868
  • Skills in chat composer #8881
  • Mergeable configs cleanup #8378

📚 Documentation

  • Stats update #9410
  • Hooks guide #9288
  • Hooks feature blog post #9227
  • Document summon extension requirement for delegate and load tools #9231
  • Guide for connecting goose Desktop to a remote goosed server #9275
  • SaladCloud AI Gateway provider documentation #9253
  • Reorganize documentation #9310
  • Fix internal documentation anchors #9094
  • Tunnel remote access documentation update #9077
  • Linux desktop Vulkan packages #9323
  • Orchestrating with goose blog #9104
  • Goose with Peekaboo blog #8884
  • Built-in local inference blog post #8808
  • MiniMax and office QA benchmark blog post #8984
  • Repology badge in README #9245
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Goose

Get notified when new releases ship.

Sign up free

About Goose

an open source, extensible AI agent that goes beyond code suggestions - install, execute, edit, and test with any LLM

All releases →

Related context

Beta — feedback welcome: [email protected]