fix(security): remove insecure default secret from GOOSE_EXTERNAL_BACKEND#7783
Merged
fix(security): remove insecure default secret from GOOSE_EXTERNAL_BACKEND#7783
Conversation
…KEND When GOOSE_EXTERNAL_BACKEND env var is set, the server secret was hardcoded to 'test', creating a security footgun if this flag is accidentally set in production. Both client and server now generate cryptographically random secrets instead of defaulting to 'test', while supporting explicit configuration via GOOSE_SERVER__SECRET_KEY env var for development workflows. Fixes #7555 Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 2781fd7bd1
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
- agent.rs: persist generated secret to env so tunnel reads the same value instead of generating a second independent random secret - main.ts: fail fast with a clear error when GOOSE_EXTERNAL_BACKEND is set but GOOSE_SERVER__SECRET_KEY is missing, instead of silently using an unshared random secret Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 498e82445b
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
Replace the unsafe `std::env::set_var` call (UB under multi-threaded tokio runtime) with a `server_secret` field on TunnelManager. The agent command now passes the generated secret to the tunnel manager via `set_server_secret()`, ensuring both components use the same key without global environment mutation. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
jamadeo
approved these changes
Mar 10, 2026
lifeizhou-ap
added a commit
that referenced
this pull request
Mar 11, 2026
* main: (45 commits)
fix: resolve {{ recipe_dir }} in nested sub-recipe paths during secret discovery (#7797)
Add @DOsinga as CODEOWNER for documentation (#7799)
feat: Add summarize tool for deterministic reads (#7054)
fix(api): use camelCase in CallToolResponse and add type discriminators to ContentBlock (#7487)
feat: ACP providers for claude code and codex (#6605)
chore(deps): bump express-rate-limit from 8.2.1 to 8.3.0 in /evals/open-model-gym/mcp-harness (#7703)
feat(openai): capture reasoning summaries from responses API (#7375)
Fix some dependencies (#7794)
fix: improve keyring availability error detection (#7766)
feat: add MiniMax provider with Anthropic-compatible API (#7640)
feat: add Tensorix as a declarative provider (#7712)
fix(security): remove insecure default secret from GOOSE_EXTERNAL_BACKEND (#7783)
refactor: Convert Tanzu provider to declarative JSON config (#7124)
replaces https://github.com/block/goose/pull/7340/changes (#7786)
feat(summon): make skill supporting files individually loadable via load() (#7583)
Keep toast open on failed extension (#7771)
fix(ui-desktop): unify path resolution around GOOSE_PATH_ROOT (#7335)
fix: pass OAuth scopes to DCR and extract granted_scopes from token response (#7571)
fix: write to real file if config.yaml is symlink (#7669)
fix: preserve pairings when stopping gateway (#7733)
...
lifeizhou-ap
added a commit
that referenced
this pull request
Mar 11, 2026
* main: (69 commits)
fix: resolve {{ recipe_dir }} in nested sub-recipe paths during secret discovery (#7797)
Add @DOsinga as CODEOWNER for documentation (#7799)
feat: Add summarize tool for deterministic reads (#7054)
fix(api): use camelCase in CallToolResponse and add type discriminators to ContentBlock (#7487)
feat: ACP providers for claude code and codex (#6605)
chore(deps): bump express-rate-limit from 8.2.1 to 8.3.0 in /evals/open-model-gym/mcp-harness (#7703)
feat(openai): capture reasoning summaries from responses API (#7375)
Fix some dependencies (#7794)
fix: improve keyring availability error detection (#7766)
feat: add MiniMax provider with Anthropic-compatible API (#7640)
feat: add Tensorix as a declarative provider (#7712)
fix(security): remove insecure default secret from GOOSE_EXTERNAL_BACKEND (#7783)
refactor: Convert Tanzu provider to declarative JSON config (#7124)
replaces https://github.com/block/goose/pull/7340/changes (#7786)
feat(summon): make skill supporting files individually loadable via load() (#7583)
Keep toast open on failed extension (#7771)
fix(ui-desktop): unify path resolution around GOOSE_PATH_ROOT (#7335)
fix: pass OAuth scopes to DCR and extract granted_scopes from token response (#7571)
fix: write to real file if config.yaml is symlink (#7669)
fix: preserve pairings when stopping gateway (#7733)
...
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
When
GOOSE_EXTERNAL_BACKENDenv var is set, the server secret was hardcoded to"test", creating a security footgun if this flag is accidentally set in production. This PR:"test"whenGOOSE_SERVER__SECRET_KEYis unset. The server passes the generated secret to the tunnel manager via app state, ensuring both use the same key.GOOSE_EXTERNAL_BACKENDis set,GOOSE_SERVER__SECRET_KEYis now required — the client fails fast with a clear error if it's unset.debug-uirecipe explicitly setsGOOSE_SERVER__SECRET_KEY(defaulting totest) so the dev workflow continues to work.Type of Change
AI Assistance
Testing
Rust compilation verified with
cargo check. The dev workflow (CONTRIBUTING.md pattern) remains unchanged: developers setGOOSE_SERVER__SECRET_KEY=teston both server and client. The Justfiledebug-uirecipe now sets this automatically.Related Issues
Fixes #7555