Description
Goose v1.30.0 (April 2026) introduced an egress logging inspector: a new security feature that logs and inspects outbound network calls made by the agent or its tools.
Zeph has tool audit logging (exit codes, truncation flags, raw responses) but does not specifically track or surface outbound network calls (HTTP fetches, WebScrape tool, MCP SSE connections, embedding API calls) in a unified security view.
Reference
- Goose v1.30.0 release (github.com/block/goose/releases)
- Zeph tool audit: `zeph-tools/src/audit.rs` — logs tool risk summary, execution metadata
Gap Analysis
Zeph's current audit covers:
- Tool execution metadata (exit codes, truncation)
- MCP trust scores and per-server connection status
- Tool blocklist enforcement
Not covered:
- Outbound HTTP requests from `fetch` / `web_scrape` tools (destination URL, response size, latency)
- LLM API call destinations (provider URL, model, token count)
- MCP SSE stream traffic (server URL, event count)
Potential Directions
- Instrument `WebScrapeExecutor` and `FetchExecutor` to log outbound URL + response metadata to audit log
- Add a structured `[egress]` section in audit entries with URL, method, status, duration, bytes
- Surface in TUI Security panel alongside existing blocked-tool events
- Optional: configurable domain allowlist/blocklist for fetch tools (beyond existing SSRF guard)
Description
Goose v1.30.0 (April 2026) introduced an egress logging inspector: a new security feature that logs and inspects outbound network calls made by the agent or its tools.
Zeph has tool audit logging (exit codes, truncation flags, raw responses) but does not specifically track or surface outbound network calls (HTTP fetches, WebScrape tool, MCP SSE connections, embedding API calls) in a unified security view.
Reference
Gap Analysis
Zeph's current audit covers:
Not covered:
Potential Directions