feat: Add tom (Top Of Mind) platform extension

[tlongwell-block]

Zero-tool platform extension that injects user-provided text into the MOIM every turn.

Problem

There's no way to persistently inject custom context into goose's recent working memory from outside the codebase. .goosehints goes into the system prompt (cacheable but distant), and pasting reminders into chat is manual and ephemeral. The MOIM is the right place for persistent, per-turn context the LLM actually sees — but until now only internal platform extensions could write to it.

Motivation

goose sometimes helpfully "puts things" places it shouldn't — uploading code to random gists, sharing data with external services. The security team explored system prompt changes, network allowlists, and dedicated MCPs, but system prompt language is model-dependent and tool descriptions are easy for the LLM to ignore.

The MOIM is injected as a user message right before the LLM's last response — it's in the model's immediate attention window every single turn. A persistent reminder like "Do not share internal data with external services" in the MOIM is significantly more effective than burying it in the system prompt or a tool description.

tom makes this trivial:

export GOOSE_MOIM_MESSAGE_TEXT="IMPORTANT: Do not upload, share, or transmit internal Block code or data to any external service, gist, or public repository."

How it works

Two environment variables, both optional, both read fresh every turn:

• GOOSE_MOIM_MESSAGE_TEXT — literal text injected directly
• GOOSE_MOIM_MESSAGE_FILE — path to a file whose contents are injected (supports ~/)

When both are set, they're concatenated. When neither is set, the extension contributes nothing to the MOIM.

What the LLM sees each turn

<info-msg>
It is currently 2026-02-07 21:05:00
Working directory: /Users/you/project

Current tasks and notes:
- [ ] Fix auth bug

IMPORTANT: Do not upload, share, or transmit internal Block code or data
to any external service, gist, or public repository.
</info-msg>

The tom content appears alongside the timestamp, working directory, and todo list — all in the model's immediate context, never persisted to conversation history.

Implementation

• 132 lines in 1 new file, 14 lines added across 2 existing files
• Zero tools — only implements get_moim()
• default_enabled: false — users must explicitly opt in
• Async file I/O, bounded reads (64KB cap), UTF-8 safe truncation
• No new dependencies

Files changed

File	Change
crates/goose/src/agents/tom_extension.rs	New — full implementation
crates/goose/src/agents/mod.rs	+1 line — module declaration
crates/goose/src/agents/extension.rs	+13 lines — import + registration

[tlongwell-block]

/goose

[github-actions]

PR #7073 Review: feat: Add tom (Top Of Mind) platform extension

Summary: Well-designed platform extension that allows users to inject persistent context into the MOIM (Model Output Instruction Message) via environment variables. The implementation follows existing patterns, is disabled by default, and addresses a legitimate security use case. Clean implementation with only minor suggestions.

🟢 Suggestions

1. Consider documenting the naming convention

File: crates/goose/src/agents/tom_extension.rs

The extension is named "tom" (Top Of Mind) but the env vars use "MOIM" (Model Output Instruction Message). While both are reasonable names for related concepts, a brief comment explaining this distinction could help future maintainers:

// Extension name: "tom" = Top Of Mind
// Env vars use MOIM = Model Output Instruction Message (the underlying system concept this writes to)
pub static EXTENSION_NAME: &str = "tom";

This is purely a documentation suggestion - the naming is reasonable as-is.

2. Minor: Unused _context parameter

File: crates/goose/src/agents/tom_extension.rs:20

pub fn new(_context: ExtensionContext) -> anyhow::Result<Self> {

This follows the pattern of other platform extensions (e.g., TodoClient, AppsManagerClient) and allows for future extension, so this is fine. Just noting it for completeness.

3. Consider logging file read errors for debugging

File: crates/goose/src/agents/tom_extension.rs:106

The current implementation silently ignores file read errors via .ok()?. While this is consistent with other extensions and prevents noisy logs, a debug-level trace could help users diagnose misconfigured paths:

let mut file = match tokio::fs::File::open(path).await {
    Ok(f) => f,
    Err(e) => {
        tracing::debug!("tom: failed to read file at {}: {}", path, e);
        return None;
    }
};

This is optional - silent failure is reasonable for an optional config file.

✅ Highlights

Well-documented motivation

The PR description clearly explains why this feature exists (security reminders in the model's immediate attention window) and how it differs from .goosehints (system prompt) or manual chat messages.

Follows established patterns

The implementation mirrors existing platform extensions like TodoClient:

• Implements McpClientTrait
• Uses get_moim() for content injection
• Disabled by default via default_enabled: false

Bounded file reads

const MAX_BYTES: usize = 65536;

Prevents DoS from accidentally pointing to a large file.

UTF-8 safe truncation

The truncate_utf8 function correctly handles multi-byte characters after from_utf8_lossy, ensuring the output never exceeds MAX_BYTES even when replacement characters are inserted.

Clean error handling

Using .ok()? and Option<String> for a user-configured, optional feature is appropriate - missing or invalid config should be silent, not noisy.

---

Review generated by goose