Goose
Add usage tracking, cost controls, and security guardrails to your Goose AI agent
Goose is a local, extensible, open source AI agent that automates engineering tasks. While Goose delivers powerful autonomous coding capabilities, Portkey adds essential enterprise controls for production deployments:
- Unified AI Gateway - Single interface for 1600+ LLMs with API key management. (not just OpenAI & Anthropic)
- Centralized AI observability: Real-time usage tracking for 40+ key metrics and logs for every request
- Governance - Real-time spend tracking, set budget limits and RBAC in your Goose setup
- Security Guardrails - PII detection, content filtering, and compliance controls
This guide will walk you through integrating Portkey with Goose and setting up essential enterprise features including usage tracking, access controls, and budget management.
If you are an enterprise looking to use Goose in your organisation, check out this section.
1. Setting up Portkey
Portkey allows you to use 1600+ LLMs with your Goose setup, with minimal configuration required. Let’s set up the core components in Portkey that you’ll need for integration.
Create an Integration
Navigate to the Integrations section on Portkey’s Sidebar. This is where you’ll connect your LLM providers.
- Find your preferred provider (e.g., OpenAI, Anthropic, etc.)
- Click Connect on the provider card
- In the “Create New Integration” window:
- Enter a Name for reference
- Enter a Slug for the integration
- Enter your API Key and other provider specific details for the provider
- Click Next Step
In your next step you’ll see workspace provisioning options. You can select the default “Shared Team Workspace” if this is your first time OR chose your current one.
Configure Models
On the model provisioning page:
- Leave all models selected (or customize)
- Toggle Automatically enable new models if desired
Click Create Integration to complete the integration
Copy the Provider Slug
Once your Integration is created:
- Go to Model Catalog → Models tab
- Find and click on you your model button (if your model is not visible, you need to edit your integration from the last step)
- Copy the slug (e.g.,
@openai-dev/gpt-4o
)
We recommend clicking the Run Test Request
button on this step to verify your integration. If you see the error: You do not have enough permissions to execute this request
, you’ll need to create a User API Key for this step to work properly.
You can create one here. You should be able to see simple chat request output on this step.
This is your unique identifier - you’ll need it for the next step. This slug is basically @your-provider-slug/your-model-name
Create Default Config
Portkey’s config is a JSON object used to define routing rules for requests to your gateway. You can create these configs in the Portkey app and reference them in requests via the config ID. For this setup, we’ll create a simple config using your provider (OpenAI) and model (gpt-4o).
- Go to Configs in Portkey dashboard
- Create new config with:
- Save and note the Config ID & Name for the next step
Configure Portkey API Key
Finally, create a Portkey API key:
- Go to API Keys in Portkey
- Create new API key
- Select the config that you create from previous step
- Generate and save your API key
Save your API key securely - you’ll need it for Goose integration.
🎉 Voila, Setup complete! You now have everything needed to integrate Portkey with your application.
2. Integrate Portkey with Goose
Now that you have your Portkey components set up, let’s connect them to Goose. Since Portkey provides OpenAI API compatibility, integration is straightforward and requires just a few configuration steps in your Goose setup.
You need your Portkey API Key from Step 1 before going further.
Launch Goose
Open Goose either through:
- The desktop application
- The CLI by running
goose
in your terminal
Configure LLM Provider
- Navigate to Goose’s LLM provider settings
- Select OpenAI as your provider
Configure Portkey Integration
In the OpenAI provider settings, configure:
- Base URL:
https://api.portkey.ai/v1
- API Key: Your Portkey API key from the setup
That’s it! Goose will now route all LLM requests through Portkey.
You can monitor your requests and usage in the Portkey Dashboard.
Make sure your virtual key has sufficient budget and rate limits for your expected usage. Also use the complete model name given by the provider.
3. Set Up Enterprise Governance for Goose
Why Enterprise Governance? If you are using Goose inside your orgnaization, you need to consider several governance aspects:
- Cost Management: Controlling and tracking AI spending across teams
- Access Control: Managing team access and workspaces
- Usage Analytics: Understanding how AI is being used across the organization
- Security & Compliance: Maintaining enterprise security standards
- Reliability: Ensuring consistent service across all users
- Model Management: Managing what models are being used in your setup
Portkey adds a comprehensive governance layer to address these enterprise
Enterprise Implementation Guide
Step 1: Implement Budget Controls & Rate Limits
Step 1: Implement Budget Controls & Rate Limits
Step 1: Implement Budget Controls & Rate Limits
Model Catalog enables you to have granular control over LLM access at the team/department level. This helps you:
- Set up budget limits
- Prevent unexpected usage spikes using Rate limits
- Track departmental spending
Setting Up Department-Specific Controls:
- Navigate to Model Catalog in Portkey dashboard
- Create new Provider for each engineering team with budget limits and rate limits
- Configure department-specific limits
Step 2: Define Model Access Rules
Step 2: Define Model Access Rules
Step 2: Define Model Access Rules
As your AI usage scales, controlling which teams can access specific models becomes crucial. You can simply manage AI models in your org by provisioning model at the top integration level.
Step 4: Set Routing Configuration
Step 4: Set Routing Configuration
Portkey allows you to control your routing logic very simply with it’s Configs feature. Portkey Configs provide this control layer with things like:
- Data Protection: Implement guardrails for sensitive code and data
- Reliability Controls: Add fallbacks, load-balance, retry and smart conditional routing logic
- Caching: Implement Simple and Semantic Caching. and more…
Example Configuration:
Here’s a basic configuration to load-balance requests to OpenAI and Anthropic:
Create your config on the Configs page in your Portkey dashboard. You’ll need the config ID for connecting to Goose’s setup.
Configs can be updated anytime to adjust controls without affecting running applications.
Step 4: Implement Access Controls
Step 4: Implement Access Controls
Step 3: Implement Access Controls
Create User-specific API keys that automatically:
- Track usage per developer/team with the help of metadata
- Apply appropriate configs to route requests
- Collect relevant metadata to filter logs
- Enforce access permissions
Create API keys through:
Example using Python SDK:
For detailed key management instructions, see our API Keys documentation.
Step 5: Deploy & Monitor
Step 5: Deploy & Monitor
Step 4: Deploy & Monitor
After distributing API keys to your engineering teams, your enterprise-ready Goose setup is ready to go. Each developer can now use their designated API keys with appropriate access levels and budget controls. Apply your governance setup using the integration steps from earlier sections Monitor usage in Portkey dashboard:
- Cost tracking by engineering team
- Model usage patterns for AI agent tasks
- Request volumes
- Error rates and debugging logs
Enterprise Features Now Available
Goose now has:
- Team-level budget controls
- Model access governance
- Usage tracking & attribution
- Security guardrails for code generation
- Reliability features for uninterrupted development
Portkey Features
Now that you have enterprise-grade Goose setup, let’s explore the comprehensive features Portkey provides to ensure secure, efficient, and cost-effective AI agent operations.
1. Comprehensive Metrics
Using Portkey you can track 40+ key metrics including cost, token usage, response time, and performance across all your LLM providers in real time. You can also filter these metrics based on custom metadata that you can set in your configs. Learn more about metadata here.
2. Advanced Logs
Portkey’s logging dashboard provides detailed logs for every request made by Goose. These logs include:
- Complete request and response tracking for debugging
- Metadata tags for filtering by team or project
- Cost attribution per task
- Complete conversation history with the AI agent
3. Unified Access to 1600+ LLMs
You can easily switch between 1600+ LLMs. Call various LLMs such as Anthropic, Gemini, Mistral, Azure OpenAI, Google Vertex AI, AWS Bedrock, and many more by simply changing the virtual key
in your default config
object.
4. Advanced Metadata Tracking
Using Portkey, you can add custom metadata to your LLM requests for detailed tracking and analytics. Use metadata tags to filter logs, track usage, and attribute costs across engineering teams and projects.
Custom Metadata
5. Enterprise Access Management
Budget Controls
Set and manage spending limits across teams and departments. Control costs with granular budget limits and usage tracking.
Single Sign-On (SSO)
Enterprise-grade SSO integration with support for SAML 2.0, Okta, Azure AD, and custom providers for secure authentication.
Organization Management
Hierarchical organization structure with workspaces, teams, and role-based access control for enterprise-scale deployments.
Access Rules & Audit Logs
Comprehensive access control rules and detailed audit logging for security compliance and usage tracking.
6. Reliability Features
Fallbacks
Automatically switch to backup targets if the primary target fails.
Conditional Routing
Route requests to different targets based on specified conditions.
Load Balancing
Distribute requests across multiple targets based on defined weights.
Caching
Enable caching of responses to improve performance and reduce costs.
Smart Retries
Automatic retry handling with exponential backoff for failed requests
Budget Limits
Set and manage budget limits across teams and departments. Control costs with granular budget limits and usage tracking.
7. Advanced Guardrails
Protect your codebase and enhance reliability with real-time checks on LLM inputs and outputs. Leverage guardrails to:
- Prevent sensitive code or API key leaks
- Enforce compliance with coding standards
- PII detection and masking in generated code
- Content filtering for inappropriate code generation
- Custom security rules for your organization
- Compliance checks for internal coding policies
Guardrails
Implement real-time protection for your AI agent interactions with automatic detection and filtering of sensitive content, PII, and custom security rules. Enable comprehensive data protection while maintaining compliance with organizational policies.
FAQs
How do I update my Virtual Key limits after creation?
How do I update my Virtual Key limits after creation?
You can update your Virtual Key limits at any time from the Portkey dashboard:
- Go to Virtual Keys section
- Click on the Virtual Key you want to modify
- Update the budget or rate limits
- Save your changes
Can I use multiple LLM providers with the same API key?
Can I use multiple LLM providers with the same API key?
Yes! You can create multiple Virtual Keys (one for each provider) and attach them to a single config. This config can then be connected to your API key, allowing you to use multiple providers through a single API key. This enables Goose to leverage different models for different tasks.
How do I track costs for different engineering teams?
How do I track costs for different engineering teams?
Portkey provides several ways to track team costs:
- Create separate Virtual Keys for each team
- Use metadata tags in your configs
- Set up team-specific API keys
- Monitor usage in the analytics dashboard
What happens if a team exceeds their budget limit?
What happens if a team exceeds their budget limit?
When a team reaches their budget limit:
- Further requests will be blocked
- Team admins receive notifications
- Usage statistics remain available in dashboard
- Limits can be adjusted if needed
Next Steps
Join our Community
For enterprise support and custom features, contact our enterprise team.