feat: external goosed server

[michaelneale]

fixes: #4115 which has been requested a few times. Let the goose app connect to any goose server.

example motivation:

I work on highly regulated genomics data that sits in a protected environment. Being able to run a desktop on a local computer that is connected via ssh to some sort of 'goose server" running in the protected environment would be helpful. For example, I could loop at data visualizations in the desktop app, which would be impossible via the goose CLI in a terminal.

If you accidentally start it and it can't connect:

you can then run a goose server with:

./target/release/goosed agent

and use the defaults in the form (127.0.0.1, port 3000, secret is 'test')

[Copilot]

Pull request overview

This PR adds support for connecting the desktop application to an external goosed server instead of always launching a local bundled instance. Users can configure an external server URL and secret key through a new settings UI, enabling scenarios like connecting to a remote development server or a shared team instance.

Key Changes:

• Adds external backend configuration interface with URL and secret key settings
• Refactors startGoosed function to return a structured result object with baseUrl instead of just a port
• Implements graceful error handling that offers to disable external backend and retry if connection fails

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
ui/desktop/src/utils/settings.ts	Adds ExternalGoosedConfig interface with enabled, url, and secret fields
ui/desktop/src/preload.ts	Exposes saveSettings IPC method to renderer process
ui/desktop/src/main.ts	Implements external backend logic, CSP updates for external URLs, secret key management, and error recovery flow
ui/desktop/src/goosed.ts	Refactors startGoosed to accept options object and return structured GoosedResult with baseUrl field
ui/desktop/src/config.ts	Simplifies getApiUrl to use full GOOSE_API_HOST URL instead of constructing from host + port
ui/desktop/src/components/settings/app/ExternalBackendSection.tsx	New settings UI component for configuring external backend with URL validation and secret key input
ui/desktop/src/components/settings/app/AppSettingsSection.tsx	Integrates external backend settings section into app settings

[Copilot]

[nitpick] Setting GOOSE_PORT: 0 in additionalArguments when using an external backend or custom URL could be confusing. Since this value is no longer meaningful (the actual connection is via GOOSE_API_HOST), consider removing it from the config or documenting why it's set to 0.

Suggested change

GOOSE_PORT: 0,

[Copilot]

[nitpick] The URL validation only checks the protocol but doesn't validate the host. Consider adding validation to prevent localhost URLs when external backend is enabled, or document that localhost is intentionally allowed for development/testing purposes.

[Copilot]

The recursive call to createChat is missing parameters that were passed to the original call. If this function was invoked with resumeSessionId, viewType, recipeDeeplink, scheduledJobId, recipeId, or recipeParameters, these will be lost in the retry. Consider passing all original parameters: return createChat(app, initialMessage, dir, _version, resumeSessionId, viewType, recipeDeeplink, scheduledJobId, recipeId, recipeParameters);

Suggested change

	return createChat(app, initialMessage, dir);
	return createChat(app, initialMessage, dir, _version, resumeSessionId, viewType, recipeDeeplink, scheduledJobId, recipeId, recipeParameters);

[michaelneale]

I don't think this comment makes any sense, it is a fall back

[michaelneale]

this is for CSP when the goose-server is remote - or an attempt to cc @aharvard