Complete Windsurf integration skill pack with 30 skills covering AI code editing, Cascade workflows, codebase understanding, and developer productivity. Flagship+ tier vendor pack.

30 Skills

MIT License

Free Pricing

Installation

Open Claude Code and run this command:

/plugin install windsurf-pack@claude-code-plugins-plus

Use --global to install for all projects, or --project for current project only.

Skills (30)

windsurf-advanced-troubleshooting SKILL.md View full skill →

Advanced Windsurf debugging for hard-to-diagnose IDE, Cascade, and indexing issues.

ReadGrepBash(ls:*)Bash(curl:*)Bash(find:*)

Windsurf Advanced Troubleshooting

Overview

Deep debugging techniques for Windsurf issues that resist standard troubleshooting. Covers Cascade context corruption, indexing engine problems, extension conflicts, MCP failures, and workspace configuration debugging.

Prerequisites

Standard troubleshooting attempted (see windsurf-common-errors)
Terminal access
Understanding of Windsurf's architecture (VS Code base + Codeium AI layer)

Instructions

Step 1: Isolate Windsurf Layer vs VS Code Layer


Windsurf = VS Code + Codeium AI Layer

If the issue is:
- Editor crashes, rendering, file system → VS Code layer
- AI suggestions wrong, Cascade fails, indexing stuck → Codeium layer
- Extension not working → Extension compatibility layer

Test VS Code layer:
  windsurf --disable-extensions  # Run without extensions
  # If issue persists → VS Code layer problem

Test Codeium layer:
  # Disable Codeium: Extensions > search "codeium" > Disable
  # If issue resolves → Codeium layer problem

Step 2: Debug Cascade Context Issues

When Cascade consistently gives wrong or irrelevant suggestions:


set -euo pipefail
echo "=== Cascade Context Debug ==="

# 1. Check rules file
echo "--- .windsurfrules ---"
if [ -f .windsurfrules ]; then
  CHARS=$(wc -c < .windsurfrules)
  echo "Size: $CHARS chars (limit: 6000)"
  [ "$CHARS" -gt 6000 ] && echo "WARNING: Over limit — content truncated!"
else
  echo "MISSING — Cascade has no project context"
fi

# 2. Check workspace rules
echo "--- Workspace Rules ---"
TOTAL_RULE_CHARS=0
if [ -d .windsurf/rules ]; then
  for rule in .windsurf/rules/*.md; do
    [ -f "$rule" ] || continue
    CHARS=$(wc -c < "$rule")
    TOTAL_RULE_CHARS=$((TOTAL_RULE_CHARS + CHARS))
    HAS_TRIGGER=$(grep -c "^trigger:" "$rule" || true)
    echo "  $(basename "$rule"): $CHARS chars, trigger: $([[ $HAS_TRIGGER -gt 0 ]] && echo 'YES' || echo 'MISSING')"
  done
  echo "Total: $TOTAL_RULE_CHARS chars"
else
  echo "No .windsurf/rules/ directory"
fi

# 3. Check total rules budget
RULES_CHARS=$(wc -c < .windsurfrules 2>/dev/null || echo 0)
GLOBAL_CHARS=$(wc -c < ~/.windsurf/global_rules.md 2>/dev/null || echo 0)
TOTAL=$((RULES_CHARS + GLOBAL_CHARS))
echo "--- Total Rules Budget ---"
echo "Project rules: $RULES_CHARS + Global rules: $GLOBAL_CHARS = $TOTAL chars (limit: 12000)"
[ "$TOTAL" -gt 12000 ] && echo "WARNING: Over 12000 total — rules will be truncated!"

# 4. Check memories
echo "--- Memories ---"
MEMORY_DIR="$HOME/.codeium/windsurf/memories"
if [ -d "$MEMORY_DIR" ]; then
  MEMORY_COUNT=$(find "$MEMO


                
                  
                  
                  windsurf-architecture-variants
                  SKILL.md
                  View full skill →
                
                
                  Choose workspace architectures for different project scales in Windsurf.
                  
                      ReadGrep
                    
                
                
                  Windsurf Architecture Variants
Overview
How you structure your Windsurf workspace directly impacts Cascade's effectiveness. Large monorepos, multi-service setups, polyglot codebases, and different team sizes each require different approaches. This skill covers workspace strategies from solo projects to 100+ developer organizations.
Prerequisites

Windsurf installed
Understanding of Cascade's workspace indexing model
Git workflow established

Instructions
Variant 1: Single Project (Solo / Small Team)
Best for: 1-3 developers, single service, <10K files.

my-project/
├── .windsurfrules          # Full project context
├── .codeiumignore          # Exclude build artifacts
├── src/
├── tests/
├── package.json
└── README.md

Configuration:

Open entire project as workspace
Cascade indexes everything — no partitioning needed
.windsurfrules contains complete stack and architecture details

Variant 2: Focused Monorepo Windows (Medium Team)
Best for: 3-15 developers, monorepo with 2-10 packages.

monorepo/
├── .windsurfrules          # Brief shared conventions
├── .codeiumignore          # Aggressive exclusions at root
├── packages/
│   ├── api/
│   │   ├── .windsurfrules  # API-specific rules
│   │   └── .codeiumignore
│   ├── web/
│   │   ├── .windsurfrules  # Frontend-specific rules
│   │   └── .codeiumignore
│   └── shared/
│       ├── .windsurfrules  # Library conventions
│       └── .codeiumignore
└── .windsurf/
    └── workflows/          # Shared workflows

Strategy:

# Each developer opens their package directory:
windsurf packages/api/        # Backend dev
windsurf packages/web/        # Frontend dev
windsurf packages/shared/     # Library maintainer

# NOT: windsurf monorepo/     # Too broad!

Variant 3: Multi-Window Team Workflow (Large Team)
Best for: 15+ developers, microservices, 50K+ total files.

Developer A: Windsurf → services/auth/        (auth service)
Developer B: Windsurf → services/payments/    (payments)
Developer C: Windsurf → services/notifications/ (notifications)
Developer D: Windsurf → shared/libs/          (shared libraries)

Each developer gets focused Cascade context per workspace window.

Team conventions:

1. One Windsurf window per service/package
2. Every service has its own .windsurfrules and .codeiumignore
3. Cascade tasks scoped to current workspace only
4. Cross-service changes: open both workspaces side by side
5. Tag cascade commits: git commit -m "[cascade] description"
6. Use shared workflows from central config repo

Variant 4: Polyglot / Multi-Lang


                
                  
                  
                  windsurf-ci-integration
                  SKILL.md
                  View full skill →
                
                
                  Integrate Windsurf Cascade workflows into CI/CD pipelines and team automation.
                  
                      ReadWriteEditBash(gh:*)
                    
                
                
                  Windsurf CI Integration
Overview
Integrate Windsurf configuration validation and AI code quality gates into CI/CD pipelines. Covers validating .windsurfrules, enforcing team policies for AI-generated code, and automating Windsurf config distribution.
Prerequisites

GitHub repository with Actions enabled
Windsurf configuration files in repository
Team agreement on AI code review policy

Instructions
Step 1: Validate Windsurf Config in CI

# .github/workflows/windsurf-config.yml
name: Windsurf Config Validation

on:
  pull_request:
    paths:
      - '.windsurfrules'
      - '.codeiumignore'
      - '.windsurf/**'

jobs:
  validate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Check .windsurfrules exists and is valid
        run: |
          if [ ! -f .windsurfrules ]; then
            echo "::error::.windsurfrules is missing"
            exit 1
          fi
          CHARS=$(wc -c < .windsurfrules)
          if [ "$CHARS" -gt 6000 ]; then
            echo "::error::.windsurfrules exceeds 6000 char limit ($CHARS chars)"
            exit 1
          fi
          echo ".windsurfrules: $CHARS chars (limit: 6000)"

      - name: Check .codeiumignore covers secrets
        run: |
          REQUIRED_PATTERNS=(".env" "*.pem" "*.key" "credentials")
          MISSING=()
          for pattern in "${REQUIRED_PATTERNS[@]}"; do
            if ! grep -q "$pattern" .codeiumignore 2>/dev/null; then
              MISSING+=("$pattern")
            fi
          done
          if [ ${#MISSING[@]} -gt 0 ]; then
            echo "::warning::.codeiumignore missing patterns: ${MISSING[*]}"
          fi

      - name: Validate workspace rules frontmatter
        run: |
          for rule in .windsurf/rules/*.md; do
            [ -f "$rule" ] || continue
            if ! head -1 "$rule" | grep -q "^---"; then
              echo "::error::$rule missing YAML frontmatter"
              exit 1
            fi
            # Check for required trigger field
            if ! grep -q "^trigger:" "$rule"; then
              echo "::warning::$rule missing 'trigger:' in frontmatter"
            fi
          done

Step 2: AI Code Quality Gate

# .github/workflows/ai-code-review.yml
name: AI Code Quality Gate

on: pull_request

jobs:
  ai-review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with: { fetch-depth: 0 }

      - name: Detect large AI-generated changesets
        run: |
          FILES_CHANGED=$(git diff --name-only origin/main..HEAD | wc -l)
          if [ "$FILES_CHANGED" -gt 20 ]; then


                
                  
                  
                  windsurf-common-errors
                  SKILL.md
                  View full skill →
                
                
                  Diagnose and fix common Windsurf IDE and Cascade errors.
                  
                      ReadGrepBash(curl:*)
                    
                
                
                  Windsurf Common Errors
Overview
Quick reference for the most common Windsurf IDE errors and their solutions. Covers Cascade failures, Supercomplete issues, indexing problems, and extension conflicts.
Prerequisites

Windsurf installed and previously working
Access to Windsurf settings and logs

Instructions
Error 1: Cascade Not Responding
Symptoms: Cascade panel shows spinner indefinitely, no response to prompts.
Solutions:

Check internet connection -- Cascade requires cloud access
Check Windsurf status: https://status.windsurf.com
Check credit balance: Windsurf widget (status bar) > Account
Restart Cascade: Command Palette > "Cascade: Restart"
Restart Windsurf: Cmd/Ctrl+Shift+P > "Reload Window"

Error 2: Supercomplete Not Showing Suggestions
Symptoms: No ghost text appears while typing.
Solutions:

Check if disabled: Click Windsurf widget (status bar) > verify autocomplete is ON
Check file type: Supercomplete may be disabled for certain languages
Check .codeiumignore: Current file might be excluded from indexing
Ensure not conflicting: Disable GitHub Copilot or TabNine if installed


// Verify in settings.json
{
  "editor.inlineSuggest.enabled": true,
  "codeium.autocomplete.enable": true
}

Error 3: Indexing Stuck or Slow
Symptoms: Status bar shows "Indexing..." for extended periods, Cascade lacks context.
Solutions:

Check workspace size: Windsurf struggles with 100K+ files without ignore rules
Create or update .codeiumignore:


node_modules/
.git/
dist/
build/
.next/
coverage/
vendor/
__pycache__/
*.min.js
*.bundle.js
*.map


Open a subdirectory instead of monorepo root
Command Palette > "Codeium: Reset Indexing"

Error 4: Extension Conflicts
Symptoms: Duplicate suggestions, slow editor, features not working.
Known conflicts:

GitHub Copilot — conflicts with Supercomplete (disable one)
TabNine — conflicts with Supercomplete
Cody (Sourcegraph) — conflicts with Cascade
IntelliCode — may interfere with completions

Fix: Disable conflicting extensions:

Extensions sidebar > Search "copilot" > Disable

Error 5: Cascade Writes to Wrong Files
Symptoms: Cascade modifies files you didn't intend.
Solutions:

Be specific in prompts: name exact file paths
Add constraints: "Don't modify any files except src/services/auth.t


                
                  
                  
                  windsurf-core-workflow-a
                  SKILL.md
                  View full skill →
                
                
                  Execute Windsurf's primary workflow: Cascade Write mode for multi-file agentic coding.
                  
                      ReadWriteEditBash(npm:*)Grep
                    
                
                
                  Windsurf Core Workflow A — Cascade Write Mode
Overview
Cascade Write mode is Windsurf's primary productivity tool. It acts as an autonomous agent that can create files, modify code across multiple files, run terminal commands, install dependencies, and debug errors -- all from a single natural language prompt. This is the "money-path" workflow for Windsurf users.
Prerequisites

Windsurf IDE with Cascade enabled
.windsurfrules configured (see windsurf-sdk-patterns)
Git initialized with clean working tree

Instructions
Step 1: Create a Git Checkpoint
Always commit or stash before a Cascade session. Cascade writes directly to your files.

git add -A && git commit -m "checkpoint: before cascade session"
# Or for uncommitted work:
git stash push -m "pre-cascade stash"

Step 2: Open Cascade in Write Mode
Press Cmd/Ctrl+L to open the Cascade panel. Ensure "Write" mode is selected (not "Chat"). Write mode allows Cascade to:

Create and modify files
Run terminal commands (with Turbo or per-command approval)
Install dependencies
Read terminal output for debugging
Open browser previews

Step 3: Write an Effective Prompt
Structure your prompt with scope, specifics, and constraints:

"In src/services/, create a NotificationService that:
1. Sends email via Resend API (already in package.json)
2. Sends Slack messages via webhook URL from env
3. Uses the Result<T,E> pattern from src/types/result.ts
4. Includes retry logic with exponential backoff (max 3 retries)
5. Add unit tests in tests/services/notification.test.ts
Don't modify any existing files except to add exports."

Step 4: Review Cascade's Plan and Execution
Cascade shows its reasoning and plan before executing:

Cascade output flow:
1. "I'll create the notification service with email and Slack support..."
2. Creates src/services/notification.ts (shows diff)
3. Creates tests/services/notification.test.ts (shows diff)
4. Runs: npm install resend (if needed)
5. Runs: npx vitest run tests/services/notification.test.ts
6. Reports results

Review each file diff in the Cascade output. You can:

Revert individual steps by hovering over a step and clicking the revert arrow
Revert all to return to the state before the Cascade session
Create named checkpoints for complex multi-step sessions

Step 5: Iterate on Errors
If tests fail, Cascade retains context about what it just did:

"The test for sendSlack is failing with 'fetch is not defined'.
Fix it by using the node:test built-in


                
                  
                  
                  windsurf-core-workflow-b
                  SKILL.md
                  View full skill →
                
                
                  Execute Windsurf's secondary workflow: Workflows, Memories, and reusable automation.
                  
                      ReadWriteEditBash(npm:*)Grep
                    
                
                
                  Windsurf Core Workflow B — Workflows & Memories
Overview
Windsurf Workflows are reusable, multi-step automation sequences saved as markdown files and invoked via slash commands in Cascade. Memories are persistent facts that survive across sessions. Together they eliminate repetitive prompting and maintain project context.
Prerequisites

Windsurf with Cascade enabled
Understanding of windsurf-core-workflow-a (Write mode)
.windsurfrules configured

Instructions
Step 1: Create a Workflow File
Workflows live in .windsurf/workflows/ as markdown files. Each becomes a slash command.

<!-- .windsurf/workflows/new-feature.md -->
---
name: new-feature
description: Scaffold a new feature with service, route, and tests
---

## Steps

1. Ask the user for: feature name, description, and which database tables are involved
2. Create `src/services/${feature-name}.ts` with:
   - CRUD methods using Result<T,E> pattern
   - Input validation with zod schemas
   - JSDoc comments on all public methods
3. Create `src/routes/${feature-name}.ts` with:
   - GET, POST, PUT, DELETE route handlers
   - Request validation middleware
   - Consistent error response format
4. Create `tests/services/${feature-name}.test.ts` with:
   - Unit tests for all service methods
   - Both success and error paths
5. Run `npx vitest run tests/services/${feature-name}.test.ts`
6. If tests pass, report success. If not, fix and re-run.

Invoke in Cascade: /new-feature
Step 2: Build a Deployment Workflow

<!-- .windsurf/workflows/deploy.md -->
---
name: deploy
description: Deploy to staging with pre-flight checks
---

## Pre-Flight Checks
1. Run `npm run typecheck` — stop if errors
2. Run `npm test` — stop if failures
3. Run `npm run lint` — stop if errors
4. Check `git status` — stop if uncommitted changes

## Deploy
5. Run `git push origin HEAD`
6. Run `npm run build`
7. Run `npm run deploy:staging`

## Post-Deploy
8. Run `curl -sf https://staging.example.com/health | jq .`
9. Report deploy status with health check result

Step 3: Enable Turbo Annotations in Workflows
Add turbo annotations to auto-execute specific commands:

<!-- In any workflow step -->
Run the following command:

// turbo
npm run typecheck


Or auto-run all commands in the workflow:

// turbo-all


Turbo annotations respect allow/deny lists configured in settings.

### Step 4: Manage Cascade Memories

Memories persist facts across sessions. They are auto-generated or manually created.

**Create a memory manually:**

Cascade prompt: "Remember that our API uses snake_case for JSON
field names but camelCase for TypeScri


                
                  
                  
                  windsurf-cost-tuning
                  SKILL.md
                  View full skill →
                
                
                  Optimize Windsurf licensing costs through seat management, tier selection, and credit monitoring.
                  
                      ReadGrep
                    
                
                
                  Windsurf Cost Tuning
Overview
Optimize Windsurf AI IDE licensing costs by right-sizing seat allocation, matching plan tiers to actual usage, and monitoring credit consumption. Windsurf charges per seat with different tiers offering different AI capabilities.
Prerequisites

Windsurf Admin dashboard access (Teams or Enterprise)
Team usage data (at least 30 days)
Understanding of team roles and AI usage patterns

Instructions
Step 1: Understand the Pricing Model

Plan
Price
Credits/mo
Key Features


Free
$0
25
SWE-1 Lite unlimited, basic Supercomplete


Pro
$15/mo
500
All models, Cascade Write, Previews, 5 deploys/day


Teams
$30/user/mo
500/user
Admin controls, shared billing, analytics


Enterprise
Custom ($60+/user)
Custom
SSO, RBAC, audit, self-hosted option


Annual commitment typically saves 15-20% over monthly billing.
Step 2: Audit Seat Utilization

# Export from Admin Dashboard > Analytics > Member Usage
seat_audit:
  total_pro_seats: 20

  high_usage: 8         # >20 Cascade interactions/day — power users
  medium_usage: 5       # 5-20 interactions/day — regular users
  low_usage: 4          # 1-5 interactions/day — occasional users
  inactive: 3           # <1 interaction/day — wasting money

  monthly_cost: 600     # 20 x $30/seat
  wasted_on_inactive: 90  # 3 x $30/seat

  actions:
    - Downgrade 3 inactive seats to Free (save $90/mo)
    - Offer training to 4 low-usage users
    - Review low users after 30 days — downgrade if still low

Step 3: Match Tier to Role

# Not every team member needs the same tier
seat_allocation:
  full_time_developers:
    tier: Pro or Teams
    features_used: [cascade_write, supercomplete, command, previews]
    justification: "Core workflow, high ROI"

  code_reviewers:
    tier: Free
    features_needed: [supercomplete]
    justification: "Reading more than writing, occasional completions"

  designers:
    tier: Free
    features_needed: []
    justification: "Mainly CSS/HTML, AI less impactful"

  contractors_short_term:
    tier: Free
    justification: "Temporary, not worth Pro investment"

  tech_leads:
    tier: Pro
    features_used: [cascade_chat, code_review]
    justification: "Architecture questions, PR review assistance"

Step 4: Calculate ROI per Seat

function calculateSeatROI(member: {
  monthlyCreditsUsed: number;
  cascadeTasksCompleted: number;
  estimatedHoursSaved: number;
}) {
  const seatCostPerMonth = 30; // Teams tier


                
                  
                  
                  windsurf-data-handling
                  SKILL.md
                  View full skill →
                
                
                  Control what code and data Windsurf AI can access and process in your workspace.
                  
                      ReadWriteEdit
                    
                
                
                  Windsurf Data Handling
Overview
Control what code and data Windsurf's AI (Cascade, Supercomplete) can access. Covers file exclusion patterns, telemetry controls, Codeium's data processing model, and compliance configuration for regulated environments.
Prerequisites

Windsurf IDE installed
Understanding of Codeium's data processing model
Identified sensitive files and directories in workspace

Instructions
Step 1: Understand Codeium's Data Model

# What happens with your code in Windsurf
data_flow:
  indexed_locally:
    what: "File contents, structure, dependencies"
    where: "Local machine only"
    purpose: "Supercomplete context, Cascade awareness"
    retention: "Persists until re-indexed"

  sent_to_cloud:
    what: "Cascade prompts, code snippets around cursor"
    where: "Codeium cloud (or self-hosted for Enterprise)"
    purpose: "AI model inference"
    retention: "Zero-data retention for ALL paid plans"

  never_processed:
    what: "Files in .codeiumignore, .gitignore, node_modules"
    where: "N/A"
    purpose: "N/A"

  compliance:
    certifications: ["SOC 2 Type II", "FedRAMP High"]
    hipaa: "BAA available for Enterprise customers"
    data_retention: "Zero for paid plans, configurable for Enterprise"
    deployment: "Cloud, Hybrid, or Self-Hosted options"

Step 2: Configure .codeiumignore for Data Protection

# .codeiumignore — files Windsurf AI will NEVER see or index
# Uses gitignore syntax. Default: .gitignore and node_modules excluded.

# ===== SECRETS =====
.env
.env.*
.env.local
credentials.json
serviceAccountKey.json
*.pem
*.key
*.p12
*.pfx
.aws/
.gcloud/
.azure/
vault-config.*

# ===== CUSTOMER DATA =====
data/customers/
data/exports/
data/backups/
*.sql
*.sql.gz
*.dump
fixtures/production-*

# ===== INFRASTRUCTURE SECRETS =====
terraform.tfstate
terraform.tfstate.backup
*.tfvars
*.auto.tfvars
ansible/vault*

# ===== COMPLIANCE BOUNDARIES =====
# PCI zone — credit card processing code
src/pci/

# HIPAA zone — health data processing
src/hipaa/

# Financial data
reports/financial/

Step 3: Disable Telemetry (Regulated Environments)

// settings.json — maximum privacy configuration
{
  "codeium.enableTelemetry": false,
  "codeium.enableSnippetTelemetry": false,
  "telemetry.telemetryLevel": "off",
  "update.showReleaseNotes": false
}

Step 4: Configure Autocomplete Data Boundaries

// Disable Supercomplete for sensitive file types
{
  "codeium.autocomplete.languages": {
    "plaintext": false,
    "env": false,
    "d


                
                  
                  
                  windsurf-debug-bundle
                  SKILL.md
                  View full skill →
                
                
                  Collect Windsurf diagnostic information for troubleshooting and support tickets.
                  
                      ReadBash(grep:*)Bash(ls:*)Bash(tar:*)Grep
                    
                
                
                  Windsurf Debug Bundle
Current State
!windsurf --version 2>/dev/null || echo 'Windsurf CLI not in PATH'
!node --version 2>/dev/null || echo 'N/A'
!uname -a
Overview
Collect all diagnostic information needed to troubleshoot Windsurf issues or submit effective support tickets.
Prerequisites

Windsurf installed (even if malfunctioning)
Terminal access
Permission to read Windsurf config directories

Instructions
Step 1: Collect Windsurf Configuration State

#!/bin/bash
set -euo pipefail

BUNDLE="windsurf-debug-$(date +%Y%m%d-%H%M%S)"
mkdir -p "$BUNDLE"/{config,logs,workspace}

echo "=== Windsurf Debug Bundle ===" > "$BUNDLE/summary.txt"
echo "Generated: $(date -u +%Y-%m-%dT%H:%M:%SZ)" >> "$BUNDLE/summary.txt"

# 1. Windsurf version and environment
echo "--- Environment ---" >> "$BUNDLE/summary.txt"
windsurf --version >> "$BUNDLE/summary.txt" 2>&1 || echo "windsurf CLI not found" >> "$BUNDLE/summary.txt"
node --version >> "$BUNDLE/summary.txt" 2>&1
echo "OS: $(uname -srm)" >> "$BUNDLE/summary.txt"

# 2. Codeium config (redacted)
echo "--- Codeium Config ---" >> "$BUNDLE/summary.txt"
ls -la ~/.codeium/ >> "$BUNDLE/config/codeium-dir.txt" 2>&1 || echo "No ~/.codeium/" >> "$BUNDLE/config/codeium-dir.txt"

# 3. MCP server config (redacted)
if [ -f ~/.codeium/windsurf/mcp_config.json ]; then
  sed 's/"[A-Za-z0-9_-]\{20,\}"/"***REDACTED***"/g' ~/.codeium/windsurf/mcp_config.json > "$BUNDLE/config/mcp-config-redacted.json"
fi

# 4. Workspace config
cp .windsurfrules "$BUNDLE/workspace/" 2>/dev/null || true
cp .codeiumignore "$BUNDLE/workspace/" 2>/dev/null || true
ls -la .windsurf/ >> "$BUNDLE/workspace/windsurf-dir.txt" 2>/dev/null || true
ls -la .windsurf/rules/ >> "$BUNDLE/workspace/rules-dir.txt" 2>/dev/null || true

# 5. Extension list
windsurf --list-extensions > "$BUNDLE/config/extensions.txt" 2>/dev/null || echo "Cannot list extensions" > "$BUNDLE/config/extensions.txt"

Step 2: Collect Logs

# Windsurf logs location varies by OS:
# macOS: ~/Library/Application Support/Windsurf/logs/
# Linux: ~/.config/Windsurf/logs/
# Windows: %APPDATA%/Windsurf/logs/

LOG_DIR="${HOME}/.config/Windsurf/logs"
[ -d "$LOG_DIR" ] || LOG_DIR="${HOME}/Library/Application Support/Windsurf/logs"

if [ -d "$LOG_DIR" ]; then
  # Copy last 1000 lines of each log (redacted)
  for log in "$LOG_DIR&quo


                
                  
                  
                  windsurf-deploy-integration
                  SKILL.md
                  View full skill →
                
                
                  Deploy applications using Windsurf's built-in deployment features and Cascade automation.
                  
                      ReadWriteEditBash(npm:*)Bash(npx:*)Bash(git:*)
                    
                
                
                  Windsurf Deploy Integration
Overview
Windsurf offers native deployment integration (starting with Netlify) that lets you deploy directly from the IDE. Combined with Cascade workflows, you can automate the entire build-test-deploy pipeline without leaving the editor.
Prerequisites

Windsurf Pro plan or higher
Deployment platform account (Netlify, Vercel, or cloud provider)
Application ready to deploy
Git repository configured

Instructions
Step 1: Use Windsurf's Native Deploy (Netlify)
Windsurf has a first-party Netlify integration:

1. Open Cascade (Cmd/Ctrl+L)
2. Prompt: "Deploy this project to Netlify"
3. Cascade runs the build, connects to Netlify, and deploys
4. Preview URL appears in Cascade output
5. Click to verify in browser or use in-IDE Preview

For first-time setup:

Cascade prompt: "Set up Netlify deployment for this Next.js project.
Configure build command, output directory, and environment variables."

Step 2: Create a Deployment Workflow

<!-- .windsurf/workflows/deploy-staging.md -->
---
name: deploy-staging
description: Build, test, and deploy to staging
---

## Pre-Deploy Checks
// turbo-all
1. Run `git status` — abort if uncommitted changes
2. Run `npm run typecheck` — abort if type errors
3. Run `npm test` — abort if test failures
4. Run `npm run lint` — abort if lint errors

## Build and Deploy
5. Run `npm run build`
6. Run `npx netlify deploy --dir=dist --site=$NETLIFY_SITE_ID`
   Or: `npx vercel --yes`

## Post-Deploy Verification
7. Run `curl -sf $DEPLOY_URL/health | jq .`
8. Report: deploy URL, build time, health check result

Step 3: Vercel Deployment via Cascade

Cascade prompt: "Deploy this project to Vercel.
- Use the production branch for prod deploys
- Set these environment variables: DATABASE_URL, API_KEY
- Configure custom domain: app.example.com"

Cascade will run:

# Install Vercel CLI if needed
npm i -g vercel

# Deploy (Cascade handles interactive prompts)
vercel --yes

# Set environment variables
vercel env add DATABASE_URL production
vercel env add API_KEY production

# Configure domain
vercel domains add app.example.com

Step 4: Cloud Provider Deployment via Cascade

<!-- AWS deployment workflow -->
Cascade prompt: "Deploy this Express API to AWS using:
1. Docker container on ECS Fargate
2. ECR for container registry
3. Application Load Balancer
4. RDS PostgreSQL for database
Generate the Dockerfile, task definition, and deployment script."


<!-- Google Cloud Run deployment -->
Cascade prompt: "Deploy this to Cloud Run:
1. Build Docker image
2. Push to Artifact Registry
3


                
                  
                  
                  windsurf-enterprise-rbac
                  SKILL.md
                  View full skill →
                
                
                  Configure Windsurf enterprise SSO, RBAC, and organization-level controls.
                  
                      ReadWriteEdit
                    
                
                
                  Windsurf Enterprise RBAC
Overview
Manage enterprise Windsurf deployment: SSO/SAML configuration, role-based seat management, organization-wide AI policies, and admin portal controls. Covers Teams and Enterprise plan features.
Prerequisites

Windsurf Teams ($30/user/mo) or Enterprise (custom pricing) plan
Organization admin access at windsurf.com/dashboard
Identity provider for SSO (Enterprise only): Okta, Entra ID, Google Workspace

Instructions
Step 1: Configure SSO / SAML (Enterprise Only)
Navigate to Admin Dashboard > Security > SSO:

# SSO Configuration Steps
sso_setup:
  1_choose_idp:
    supported: ["Okta", "Microsoft Entra ID", "Google Workspace", "Any SAML 2.0 IdP"]

  2_configure_saml:
    entity_id: "https://windsurf.com/saml/your-org-id"
    acs_url: "https://windsurf.com/saml/callback"
    # Get these from Admin Dashboard > SSO > SAML Configuration

  3_idp_settings:
    # Configure in your IdP:
    sign_on_url: "https://windsurf.com/saml/login/your-org-id"
    audience_uri: "https://windsurf.com/saml/your-org-id"
    name_id_format: "emailAddress"
    attribute_statements:
      email: "user.email"
      firstName: "user.firstName"
      lastName: "user.lastName"

  4_enforce:
    enforce_sso: true  # Block password login after SSO is verified
    auto_provision: true  # New IdP users get Windsurf seats automatically
    domain_restriction: ["yourcompany.com"]  # Only allow company emails

Step 2: Configure Roles and Permissions

# Windsurf RBAC Model
roles:
  owner:
    description: "Organization owner — full control"
    permissions:
      - Manage billing and subscription
      - Add/remove admins
      - Configure SSO
      - View all analytics
      - Manage all seats

  admin:
    description: "Team administrator"
    permissions:
      - Add/remove members
      - Assign seat tiers (Pro, Free)
      - View team analytics
      - Configure org-wide settings
      - Manage MCP server allowlist

  member:
    description: "Standard developer"
    permissions:
      - Use assigned AI features
      - Configure personal settings
      - Create workspace rules
      - Cannot view team analytics

# Assign roles via Admin Dashboard > Members > Edit Role

Step 3: Organization-Wide AI Policies

# Admin Dashboard > Settings > AI Policies
org_policies:
  # Control which AI models are available
  allowed_models:
    - "swe-1"
    - "swe-1-lite"
    - "claude-sonnet"
    # Disable models not approved by security team

  # Terminal command execution controls
  cascade_terminal:
    max_execution_level: "normal&quo


                
                  
                  
                  windsurf-hello-world
                  SKILL.md
                  View full skill →
                
                
                  Create your first Windsurf Cascade interaction and Supercomplete experience.
                  
                      ReadWriteEdit
                    
                
                
                  Windsurf Hello World
Overview
First hands-on experience with Windsurf's three AI modalities: Cascade (agentic chat), Supercomplete (inline completions), and Command (inline editing). This skill walks through real interactions, not placeholder code.
Prerequisites

Completed windsurf-install-auth setup
Windsurf open with a project folder

Instructions
Step 1: Experience Supercomplete (Tab Completions)
Open any code file and start typing. Supercomplete predicts your intent based on recent edits, cursor movement, and surrounding context.

// Type this in a new file: hello.ts
// After typing "function greet", Supercomplete suggests the rest

function greet(name: string): string {
  // Just type "return" and press Tab -- Supercomplete fills the template literal
  return `Hello, ${name}! Welcome to Windsurf.`;
}

// Start typing "const users" -- Supercomplete predicts array based on greet() context
const users = ["Alice", "Bob", "Charlie"];
users.forEach(user => console.log(greet(user)));

Key Supercomplete behaviors:

Press Tab to accept a suggestion
Press Esc to dismiss
Suggestions appear as gray ghost text
Tracks your edit history (last 30-90 seconds) for intent prediction

Step 2: Use Cascade Write Mode (Cmd/Ctrl+L)
Open Cascade panel and try Write mode -- Cascade modifies your codebase directly.

Prompt to try:
"Create a REST API endpoint in src/api.ts using Express that serves
the greet function. Include error handling for missing name parameter."

Cascade will:

Create src/api.ts with Express setup
Import the greet function
Add error handling
Show diffs for your review

Review and accept/reject each file change before Cascade proceeds.
Step 3: Use Cascade Chat Mode
Switch to Chat mode (toggle in Cascade panel) for questions that don't need file edits:

Prompt: "Explain the difference between Write and Chat mode in Cascade"

Expected response: Write mode can create/modify files and run terminal commands.
Chat mode answers questions without touching your codebase.

Step 4: Try Inline Command (Cmd/Ctrl+I)
Highlight a block of code in the editor and press Cmd/Ctrl+I to invoke Command mode:

Select the greet function, then type:
"Add JSDoc documentation and input validation"

Cascade edits the selected code inline, showing a diff you can accept or reject.
Step 5: Use @ Context Mentions
In Cascade chat, use @ to inject specific context:

@src/api.ts -- reference a specific file
@src/       -- re


                
                  
                  
                  windsurf-incident-runbook
                  SKILL.md
                  View full skill →
                
                
                  Execute Windsurf incident response when AI features fail or cause production issues.
                  
                      ReadGrepBash(git:*)Bash(curl:*)
                    
                
                
                  Windsurf Incident Runbook
Overview
Incident response procedures for Windsurf-related issues: Cascade service outages, AI-generated code causing bugs, and team workflow disruptions.
Prerequisites

Access to Windsurf dashboard and status page
Git access to affected repositories
Team communication channel (Slack, Teams)

Severity Levels

Level
Definition
Response Time
Examples


P1
Production broken by AI code
< 15 min
Cascade-generated code deployed with critical bug


P2
Team workflow blocked
< 1 hour
Windsurf service outage, all Cascade down


P3
Degraded AI features
< 4 hours
Slow Cascade, Supercomplete intermittent


P4
Minor inconvenience
Next business day
Specific model unavailable, feature regression


Quick Triage Decision Tree

Is Windsurf service itself down?
├─ YES: Check https://status.windsurf.com
│   ├─ Status page shows incident → WAIT for Windsurf to resolve
│   │   Action: Switch to manual coding, notify team
│   └─ Status page green → Local issue
│       Action: Restart Windsurf, check internet, re-authenticate
│
└─ NO: Did AI-generated code cause a production issue?
    ├─ YES → P1 INCIDENT
    │   1. Revert the deployment immediately
    │   2. Identify the Cascade-generated commit(s)
    │   3. Fix manually or with targeted Cascade prompt
    │   4. Post-incident: update review policy
    │
    └─ NO: Is Cascade giving bad suggestions?
        ├─ YES → Check .windsurfrules, start fresh Cascade session
        └─ NO → See windsurf-common-errors

P1 Playbook: AI Code Caused Production Bug
Step 1: Immediate Mitigation

set -euo pipefail
# Revert the deployment
git log --oneline -10  # Find the bad commit(s)

# If tagged with [cascade]:
git revert HEAD --no-edit  # Revert most recent commit
git push origin main       # Deploy revert

# If multiple Cascade commits:
git revert --no-commit HEAD~3..HEAD  # Revert last 3 commits
git commit -m "revert: undo cascade changes causing [issue]"
git push origin main

Step 2: Identify Root Cause

# Find all Cascade-generated commits
git log --all --oneline --grep="cascade" --since="1 week ago"
git log --all --oneline --grep="\[cascade\]" --since="1 week ago"

# Compare before/after
git diff [last-good-commit]..HEAD -- src/

# Common root causes:
# 1. Cascade modified shared utility used by many modules
# 2. Cascade changed error handling (swallowed exceptions)
# 3. Cascade "optimized" code that had intentional behavior
# 4. Cascade introduced dependency on newer API


                
                  
                  
                  windsurf-install-auth
                  SKILL.md
                  View full skill →
                
                
                  Install Windsurf IDE and configure Codeium authentication.
                  
                      ReadWriteEditBash(npm:*)Bash(brew:*)Bash(curl:*)Grep
                    
                
                
                  Windsurf Install & Auth
Overview
Windsurf is an AI-powered code editor by Codeium (now Cognition AI), built on VS Code. It features Cascade (agentic AI assistant), Supercomplete (intent-aware autocomplete), and deep codebase indexing. Authentication is handled through Codeium accounts, not raw API keys.
Prerequisites

macOS, Windows, or Linux (64-bit)
8GB RAM minimum (16GB recommended for large codebases)
Internet connection for AI features

Instructions
Step 1: Install Windsurf
macOS:

brew install --cask windsurf

Linux (Debian/Ubuntu):

curl -fsSL https://windsurf.com/install.sh | bash
# Or download .deb from https://windsurf.com/download

Windows: Download installer from https://windsurf.com/download
Step 2: Authenticate with Codeium
On first launch, Windsurf prompts for Codeium authentication:

Click "Sign In" in the welcome tab or Windsurf widget (bottom-right status bar)
Browser opens to Codeium auth page
Sign in with Google, GitHub, or email
Authorization token is stored locally at ~/.codeium/

Verify authentication:

Check the Windsurf widget in the status bar -- it should show a checkmark
Open Cascade (Cmd/Ctrl+L) and send a test message

Step 3: Configure for Enterprise / Team
For team deployments with centralized auth:

// Settings > Windsurf Settings (or ~/.codeium/config.json)
{
  "codeium.apiServer": "https://codeium.yourcompany.com",
  "codeium.portal.url": "https://portal.yourcompany.com",
  "codeium.enterpriseMode": true
}

Enterprise API key (headless / CI environments):

# Set via environment variable for non-interactive use
export CODEIUM_API_KEY="your-enterprise-api-key"

Step 4: Verify AI Features Are Working

1. Open any project folder in Windsurf
2. Type in a code file -- Supercomplete suggestions should appear
3. Press Cmd/Ctrl+L to open Cascade chat
4. Type "explain this project" -- Cascade should respond with codebase analysis
5. Check status bar widget shows model name (e.g., SWE-1, Claude, GPT)

Step 5: Select Your AI Model
Cascade supports multiple models. Configure via the model selector dropdown in the Cascade panel:

Model
Plan Required
Best For


SWE-1 Lite
Free
Basic coding tasks


SWE-1
Pro ($15/mo)
Complex multi-file edits


SWE-1.5
Pro
Frontier-level performance
                
              
                
                  
                  
                  windsurf-known-pitfalls
                  SKILL.md
                  View full skill →
                
                
                  Identify and avoid Windsurf anti-patterns and common mistakes.
                  
                      ReadGrep
                    
                
                
                  Windsurf Known Pitfalls
Overview
Real gotchas when using Windsurf IDE. Cascade, Supercomplete, workspace indexing, and the rules system each have behaviors that catch developers off guard. Learn from these before they catch you.
Prerequisites

Windsurf installed and configured
Understanding of Cascade vs Supercomplete
Awareness of workspace indexing behavior

Instructions
Pitfall 1: Using Cascade for Simple Tasks
The mistake: Opening Cascade (Cmd+L) to complete a single line of code.

BAD: Opening Cascade to write "add a console.log"
→ Cascade spins up full agent context, reads multiple files = slow and expensive

GOOD: Use Supercomplete (Tab) for inline completions
→ Instant, free, no credits consumed

RULE OF THUMB:
- Single line / simple completion → Tab (Supercomplete)
- Inline edit of selection → Cmd+I (Command)
- Multi-file task / complex reasoning → Cmd+L (Cascade)

Pitfall 2: Opening Monorepo Root in Windsurf
The mistake: Opening a 100K+ file monorepo as a single workspace.

BAD:  windsurf ~/company-monorepo/
→ Cascade indexes everything, slow context, vague suggestions

GOOD: windsurf ~/company-monorepo/services/payments/
→ Focused context, fast indexing, precise suggestions

WHY: Cascade's context window is limited. More files = more noise.
A focused workspace with 5K files gives better suggestions than
a bloated workspace with 100K files.

Pitfall 3: Vague Cascade Prompts
The mistake: Giving Cascade broad, unscoped instructions.

BAD: "Refactor the codebase to use TypeScript"
→ Cascade may try to convert EVERY file at once, breaking everything

BAD: "Add validation to the API"
→ Which API? Which endpoints? What validation rules?

GOOD: "Convert src/utils/api.js to TypeScript. Add proper types for
all function parameters and return values. Don't change other files."

GOOD: "In src/routes/users.ts, add zod validation for the POST /users
endpoint. Validate email format, name length (2-50 chars), and role
must be 'admin' or 'user'. Return 400 with field-level errors."

Pitfall 4: Accepting Changes Without Review
The mistake: Accepting all Cascade changes without reading the diffs.

BAD: Cascade modifies 12 files → "Accept All" → broken tests
→ Cascade may have changed shared utilities, removed error handling,
  or introduced dependencies on APIs that don't exist

GOOD:
1. Read Cascade's explanation of what it changed
2. Review each file diff in the Cascade output
3. Check for: removed error handling, new imports, changed signatures
4. Run tests BEFORE committing
5. Use revert button if any file looks wrong

Pitfall 5: Not Checkpointing Before C
                
              

                
                  
                  
                  windsurf-load-scale
                  SKILL.md
                  View full skill →
                
                
                  Scale Windsurf adoption across large organizations with workspace strategies and performance tuning.
                  
                      ReadWriteEdit
                    
                
                
                  Windsurf Load & Scale
Overview
Strategies for deploying Windsurf AI IDE across large organizations (50-1000+ developers). Covers workspace partitioning for monorepos, configuration distribution, credit budgeting, and performance at scale.
Prerequisites

Windsurf Teams or Enterprise plan
Admin dashboard access
Understanding of team structure and repository layout
Network/IT involvement for enterprise features

Instructions
Step 1: Workspace Strategy for Large Codebases

# Windsurf performance degrades with workspace size
# Cascade context quality inversely correlates with file count

workspace_sizing:
  optimal: "<5,000 files — fast indexing, precise Cascade context"
  acceptable: "5,000-20,000 files — add .codeiumignore, expect slower indexing"
  problematic: "20,000+ files — must partition into sub-workspaces"
  unworkable: "100,000+ files at root — Cascade context diluted, indexing very slow"

# Strategy: one Windsurf window per service/package
# Each developer opens their assigned service directory

Step 2: Monorepo Partitioning

# Large monorepo (100K+ files)
company-monorepo/
├── .windsurfrules              # Brief shared conventions only
├── .codeiumignore              # Aggressive: exclude EVERYTHING except src
├── apps/
│   ├── web-app/                # Developer A opens this window
│   │   ├── .windsurfrules      # Next.js-specific AI context
│   │   └── .codeiumignore      # Local exclusions
│   ├── mobile-app/             # Developer B opens this window
│   │   ├── .windsurfrules      # React Native context
│   │   └── .codeiumignore
│   └── admin-portal/           # Developer C opens this window
│       ├── .windsurfrules
│       └── .codeiumignore
├── services/
│   ├── api-gateway/            # Backend team opens individual services
│   ├── auth-service/
│   ├── payment-service/
│   └── notification-service/
├── packages/
│   └── shared-types/           # Library maintainer opens this
└── infrastructure/
    └── terraform/              # DevOps opens this

Rule: Never open the monorepo root in Windsurf. Each developer opens their service directory.
Step 3: Configuration Distribution at Scale

# Central config repo for team-wide standards
windsurf-config/
├── templates/
│   ├── windsurfrules/
│   │   ├── nextjs.md           # Template for Next.js projects
│   │   ├── fastify.md          # Template for Fastify APIs
│   │   ├── react-native.md     # Template for mobile apps
│   │   └── shared-library.md   # Template for shared packages
│   ├── codeiumignore/
│   │   ├── node-project.ignore
│   │   ├── python-project.ignore
│   │   └── go-project.ignore
│   └── workflows/
│       ├── deploy-staging.md
│       ├── pr-review.md
│       └── quality-check.md
├── scripts/

                

              

                
                  
                  
                  windsurf-local-dev-loop
                  SKILL.md
                  View full skill →
                
                
                  Configure Windsurf local development workflow with Cascade, Previews, and terminal integration.
                  
                      ReadWriteEditBash(npm:*)Bash(pnpm:*)Grep
                    
                
                
                  Windsurf Local Dev Loop
Overview
Set up a fast, AI-augmented local development workflow using Windsurf's Cascade, Turbo mode, Previews, and terminal integration. The goal is a tight loop: edit with Cascade, preview in-IDE, iterate, test, commit.
Prerequisites

Windsurf authenticated and project open
Node.js 18+ or Python 3.10+
Git initialized in project

Instructions
Step 1: Create .windsurfrules for Project Context

<!-- .windsurfrules - placed at project root, committed to git -->

# Project: my-app

## Stack
- Language: TypeScript (strict mode)
- Framework: Next.js 14 (App Router)
- Styling: Tailwind CSS v3
- Testing: Vitest + Testing Library
- Package manager: pnpm

## Architecture
- Server Components by default
- Client Components only when state/interactivity needed
- API routes in app/api/
- Business logic in lib/services/
- Types in lib/types/

## Conventions
- Named exports, never default
- async/await, never raw .then()
- zod for all runtime validation
- Error handling: Result pattern in services

Step 2: Configure .codeiumignore

# .codeiumignore - exclude from AI indexing (same syntax as .gitignore)
node_modules/
.next/
dist/
build/
coverage/
*.min.js
*.map
.env
.env.*

Step 3: Set Up Turbo Mode for Fast Terminal Execution
Turbo mode lets Cascade auto-execute terminal commands without asking permission for each one.
Enable: Windsurf Settings > Cascade > Terminal Execution Level > Turbo
Configure safety lists:

// Settings (JSON) — search "cascadeCommands"
{
  "windsurf.cascadeCommandsAllowList": [
    "npm", "pnpm", "npx", "node", "tsc",
    "vitest", "jest", "eslint", "prettier",
    "git status", "git diff", "git log", "git add"
  ],
  "windsurf.cascadeCommandsDenyList": [
    "rm -rf", "sudo", "git push --force",
    "git reset --hard", "DROP TABLE", "shutdown"
  ]
}

Step 4: Use Previews for UI Development
Ask Cascade to preview your web app:

"Start the dev server and preview the app"

Cascade starts the server and opens an in-IDE Preview tab. From the Preview:

Click "Send element" (bottom-right) to select a UI element and send it to Cascade
Console errors are automatically forwarded to Cascade for debugging
Iterate by describing changes: "Make the header sticky and add a dark mode toggle"

Step 5: The Dev Loop

1. Open Cascade (Cmd/Ctrl+L)
2. Describe the feature or fix
3. Cascade edits file

                

              

                
                  
                  
                  windsurf-migration-deep-dive
                  SKILL.md
                  View full skill →
                
                
                  Migrate to Windsurf from VS Code, Cursor, or other AI IDEs with full configuration transfer.
                  
                      ReadWriteEditBash(npm:*)Bash(node:*)
                    
                
                
                  Windsurf Migration Deep Dive
Current State
!windsurf --version 2>/dev/null || echo 'Not installed'
!code --version 2>/dev/null | head -1 || echo 'VS Code not installed'
!cursor --version 2>/dev/null | head -1 || echo 'Cursor not installed'
Overview
Comprehensive guide for migrating teams to Windsurf from VS Code + Copilot, Cursor, or other AI editors. Covers settings transfer, concept mapping, team rollout planning, and rollback strategy.
Prerequisites

Current editor still installed (for config export)
Target repositories identified
Team buy-in for evaluation period

Instructions
Step 1: Feature Comparison Matrix

Feature
VS Code + Copilot
Cursor
Windsurf


Inline completions
Copilot
Tab
Supercomplete


Agentic AI chat
N/A
Composer
Cascade Write


AI Q&A
Copilot Chat
Chat
Cascade Chat


Inline edit
Copilot Edit
Cmd+K
Cmd+I (Command)


Project rules
N/A
.cursorrules
.windsurfrules


AI ignore file
N/A
.cursorignore
.codeiumignore


Workspace rules
N/A
.cursor/rules/
.windsurf/rules/


Reusable workflows
N/A
N/A
.windsurf/workflows/


Persistent memories
N/A
Notepad
Memories


MCP support
Via extension
Built-in
Built-in


In-IDE preview
N/A
N/A
Previews


Terminal AI
N/A
Limited
Full (Turbo mode)


Deploy from IDE
N/A
N/A
Netlify native


Pricing (individual)
$10/mo
$20/mo
$15/mo


Step 2: Migrate from Cursor

#!/bin/bash
set -euo pipefail
echo "=== Migrating Cursor → Windsurf ==="

# 1. Convert rules files
if [ -f .cursorrules ]; then
  cp .cursorrules .windsurfrules
  echo "Converted .cursorrules → .windsurfrules"
fi

# 2. Convert ignore file
if [ -f .cursorignore ]; then
  cp .cursorignore .codeiumignore
  echo "Converted .cursorignore → .codeiumignore"
fi

# 3. Convert workspace rules
if [ -d .cursor/rules ]; then
  mkdir -p .windsurf/rules
  for rule in .cursor/rules/*.md; do
    [ -f "$rule" ] || continue
    BASENAME=$(basename "$rule")
    cp "$rule" ".windsurf/rules/$BASENAME"
    echo "Copied rule: $BASENAME"
  done
  echo ""
  echo "NOTE: Review .

                

              

                
                  
                  
                  windsurf-multi-env-setup
                  SKILL.md
                  View full skill →
                
                
                  Configure Windsurf IDE and Cascade AI across team members and project environments.
                  
                      ReadWriteEdit
                    
                
                
                  Windsurf Multi-Environment Setup
Overview
Configure Windsurf consistently across team members, projects, and deployment contexts. Windsurf is an IDE, not a cloud API -- "multi-environment setup" means standardizing AI behavior, workspace configuration, and Cascade context across your team.
Prerequisites

Windsurf IDE installed on developer machines
Shared git repository
Team agreement on coding standards per service

Instructions
Step 1: Per-Project Cascade Rules

<!-- .windsurfrules - committed to each service repo -->

# Project: PaymentService

## Stack
- Language: TypeScript (strict)
- Framework: Fastify v4
- Database: PostgreSQL with Drizzle
- Testing: Vitest
- Queue: BullMQ for async jobs

## Architecture Rules
- All handlers in src/routes/ — never business logic
- Business logic in src/services/ only
- Database queries in src/repositories/ only
- Use Result<T, E> pattern for errors, never throw in services
- PCI-sensitive data only in src/pci/ (encrypted at rest)

## Naming Conventions
- Route handlers: GET/POST/PUT/DELETE prefix
- Service methods: verb + noun (createPayment, findOrder)
- Repository methods: DB operations (findById, upsert)

Step 2: Team IDE Settings Template

// .windsurf/settings.json - committed to repo
{
  "codeium.indexing.excludePatterns": [
    "node_modules/**", "dist/**", ".next/**",
    "coverage/**", "*.min.js", "**/*.map", "**/*.lock"
  ],
  "codeium.autocomplete.enable": true,
  "editor.formatOnSave": true,
  "editor.defaultFormatter": "biomejs.biome",
  "typescript.tsdk": "node_modules/typescript/lib"
}

Step 3: Monorepo Multi-Service Setup

monorepo/
  services/
    auth/
      .windsurfrules        # Auth context: JWT, OAuth, session management
      .codeiumignore         # Exclude auth secrets directory
    payments/
      .windsurfrules        # Payments context: Stripe, PCI compliance
      .codeiumignore         # Exclude PCI data directories
    notifications/
      .windsurfrules        # Notifications: queues, email templates
      .codeiumignore
  .windsurf/
    settings.json            # Shared IDE settings
    rules/
      shared-patterns.md     # trigger: always_on
    workflows/
      deploy-service.md      # /deploy-service workflow

Key practice: Each developer opens their service directory as the workspace, NOT the monorepo root. This gives Cascade focused context and fast indexing.
Step 4: Environment-Specific Workflow Rules

<!-- .windsurf/rules/deployment-context.md -->
---
trigger: glob
globs: deploy/**, scripts/deploy-*, .github/workflows/deploy-*
---
## D

                

              

                
                  
                  
                  windsurf-observability
                  SKILL.md
                  View full skill →
                
                
                  Monitor Windsurf AI adoption, feature usage, and team productivity metrics.
                  
                      ReadWriteEdit
                    
                
                
                  Windsurf Observability
Overview
Monitor Windsurf AI IDE adoption, feature usage, and productivity impact across your team. Covers Admin Dashboard analytics, custom tracking via extensions, and ROI measurement.
Prerequisites

Windsurf Teams or Enterprise plan
Admin dashboard access at windsurf.com/dashboard
Team members actively using Windsurf

Instructions
Step 1: Access Admin Dashboard Analytics
Navigate to Admin Dashboard > Analytics for team-wide metrics:

# Key metrics available in Windsurf Admin Dashboard
core_metrics:
  adoption:
    active_users_daily: "Unique developers using Windsurf per day"
    seat_utilization: "Active users / total seats (target: >80%)"
    feature_adoption: "Which AI features each user uses"

  quality:
    completion_acceptance_rate: "Supercomplete suggestions accepted vs shown"
    cascade_flow_success_rate: "Cascade tasks completed vs failed"

  consumption:
    credits_consumed_per_user: "Monthly credit usage per team member"
    credits_by_model: "Which AI models consume the most credits"

  efficiency:
    tasks_per_session: "Average Cascade interactions per session"
    time_saved_estimate: "Based on task complexity and completion speed"

Step 2: Set Up Usage Alerts
Monitor for underutilization and overuse:

# Alert thresholds for team management
alerts:
  low_adoption:
    condition: "seat_utilization < 50% for 7 days"
    action: "Schedule team training session"

  low_acceptance_rate:
    condition: "completion_acceptance_rate < 20% for 7 days"
    action: "Review .windsurfrules — AI suggestions not matching project patterns"

  high_cascade_failures:
    condition: "cascade_success_rate < 50% for 3 days"
    action: "Check workspace config — .codeiumignore may be too aggressive"

  credit_overspend:
    condition: "team_credits > 80% consumed before month half"
    action: "Review per-user usage, coach on credit conservation"

  inactive_seats:
    condition: "user has <10 interactions in 30 days"
    action: "Offer training or downgrade to Free tier"

Step 3: Build Custom Extension for Detailed Tracking

// windsurf-analytics-extension/src/extension.ts
import * as vscode from "vscode";

interface UsageEvent {
  event: string;
  timestamp: string;
  userId: string;
  file?: string;
  metadata?: Record<string, unknown>;
}

const events: UsageEvent[] = [];

export function activate(context: vscode.ExtensionContext) {
  // Track Cascade usage patterns
  const cascadeListener = vscode.workspace.onDidSaveTextDocument((doc) => {
    events.push({
      even

                

              

                
                  
                  
                  windsurf-performance-tuning
                  SKILL.md
                  View full skill →
                
                
                  Optimize Windsurf IDE performance: indexing speed, Cascade responsiveness, and memory usage.
                  
                      ReadWriteEditGrep
                    
                
                
                  Windsurf Performance Tuning
Overview
Optimize Windsurf's indexing engine, Cascade context building, Supercomplete latency, and overall IDE responsiveness. Most performance issues stem from indexing too many files or missing exclusion patterns.
Prerequisites

Windsurf IDE installed
Understanding of workspace indexing
Access to Windsurf settings

Instructions
Step 1: Optimize Workspace Indexing
The indexing engine is the #1 performance factor. Exclude everything that isn't source code:

# .codeiumignore — aggressive exclusion for large codebases
# Build artifacts
node_modules/
dist/
build/
.next/
.nuxt/
.output/
.svelte-kit/
coverage/
.cache/

# Package manager
pnpm-lock.yaml
package-lock.json
yarn.lock

# Generated code
*.min.js
*.min.css
*.bundle.js
*.chunk.js
**/*.map
generated/
__generated__/

# Binary and media files
*.png
*.jpg
*.gif
*.svg
*.ico
*.mp4
*.woff
*.woff2
*.ttf
*.eot

# Data files
*.sqlite
*.db
*.sql.gz
*.csv

# Python
__pycache__/
*.pyc
.venv/
venv/
.tox/
*.egg-info/

# Go
vendor/

# Rust
target/

Step 2: Open Focused Workspaces

# DON'T: Open entire monorepo root
windsurf ~/monorepo/          # Indexes ALL packages = slow

# DO: Open specific service directories
windsurf ~/monorepo/apps/web/        # Only indexes web app
windsurf ~/monorepo/packages/api/    # Only indexes API

# Each Windsurf window gets its own focused AI context
# Cascade performs better with fewer, relevant files

Step 3: Tune IDE Settings

// settings.json — performance-focused configuration
{
  // Indexing limits
  "codeium.indexing.maxFileSize": 524288,

  // Reduce extension overhead
  "extensions.autoUpdate": false,
  "extensions.autoCheckUpdates": false,

  // Editor performance
  "editor.minimap.enabled": false,
  "editor.renderWhitespace": "none",
  "editor.bracketPairColorization.enabled": false,

  // File watcher optimization
  "files.watcherExclude": {
    "**/node_modules/**": true,
    "**/dist/**": true,
    "**/.git/objects/**": true,
    "**/build/**": true
  },

  // Search exclusions
  "search.exclude": {
    "**/node_modules": true,
    "**/dist": true,
    "**/coverage": true,
    "**/*.min.js": true
  }
}

Step 4: Optimize Cascade Usage

## Cascade Performance Tips

1. Start fresh sessions for new tasks
   - Long conversations accumulate context, slowing responses
   - Click + in Cascade panel to start new conversation

2. Use @ mentions instead of describing files
   - BAD: "Look at the auth service file"
   - GOOD: "@src/services/auth.ts fix the token refresh logic"

3. Scope prompts na

                

              

                
                  
                  
                  windsurf-policy-guardrails
                  SKILL.md
                  View full skill →
                
                
                  Implement team-wide Windsurf usage policies, code quality gates, and Cascade guardrails.
                  
                      ReadWriteEditBash(npx:*)
                    
                
                
                  Windsurf Policy Guardrails
Overview
Policy guardrails for team Windsurf usage: controlling what Cascade can do, enforcing code review for AI output, configuring terminal safety controls, and preventing common AI coding mistakes.
Prerequisites

Windsurf configured for team use
Git workflow established
CI/CD pipeline in place
Team agreement on AI usage standards

Instructions
Step 1: Terminal Command Safety (Turbo Mode Controls)
Configure what Cascade can and cannot auto-execute:

// settings.json — Team-wide terminal safety
{
  "windsurf.cascadeCommandsAllowList": [
    "npm test", "npm run", "npx vitest", "npx tsc",
    "git status", "git diff", "git log", "git add",
    "eslint", "prettier", "biome",
    "ls", "cat", "head", "tail", "wc", "grep"
  ],
  "windsurf.cascadeCommandsDenyList": [
    "rm -rf", "rm -r /",
    "sudo",
    "git push --force", "git reset --hard",
    "DROP TABLE", "DELETE FROM", "TRUNCATE",
    "curl | bash", "wget | sh",
    "chmod 777",
    "kill -9",
    "shutdown", "reboot", "halt",
    "mkfs", "dd if=",
    "npm publish", "npx publish"
  ]
}

Step 2: Workspace Isolation Rules
Prevent Cascade from accessing sensitive directories:

# .codeiumignore — security boundary
# AI cannot see or modify files matching these patterns

# Credentials
.env
.env.*
credentials/
secrets/
*.pem
*.key

# Infrastructure
terraform.tfstate*
*.tfvars
ansible/vault*

# Customer data
data/production/
exports/


<!-- .windsurf/rules/protected-files.md -->
---
trigger: always_on
---
## Protected Files Policy
- NEVER modify files in migrations/ without explicit request
- NEVER modify Dockerfile or docker-compose.yml without explicit request
- NEVER modify CI/CD workflows (.github/workflows/) without explicit request
- NEVER modify package.json dependencies without explicit request
- ALWAYS ask before changing database schema files

Step 3: AI Code Review Policy

# .github/workflows/ai-code-gate.yml
name: AI Code Quality Gate
on: pull_request

jobs:
  ai-review-gate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with: { fetch-depth: 0 }

      - name: Check cascade commit policy
        run: |
          # Count files changed
          FILES=$(git diff --name-only origin/main..HEAD | wc -l)

          # Large changesets need explicit review
          if 

                

              

                
                  
                  
                  windsurf-prod-checklist
                  SKILL.md
                  View full skill →
                
                
                  Execute Windsurf production readiness checklist for team and enterprise deployments.
                  
                      ReadGrep
                    
                
                
                  Windsurf Production Checklist
Overview
Complete checklist for rolling out Windsurf to production teams. Covers workspace configuration, security hardening, team onboarding, and monitoring.
Prerequisites

Windsurf plan selected (Pro, Teams, or Enterprise)
Admin access to Windsurf dashboard
Git repositories identified for rollout
Team agreement on AI usage policy

Instructions
Phase 1: Pre-Deployment Configuration
Workspace Config (per repository):

[ ] .windsurfrules created with project stack, patterns, and constraints
[ ] .codeiumignore excludes secrets, build artifacts, and large binaries
[ ] .windsurf/rules/ contains glob-triggered rules for file-type-specific patterns
[ ] Workspace settings committed to .windsurf/settings.json

Security:

[ ] Telemetry configured per company policy
[ ] .codeiumignore covers all secret file patterns
[ ] Autocomplete disabled for secret-containing file types (.env, .key)
[ ] Enterprise: SSO/SAML configured and enforced
[ ] Enterprise: zero-data-retention verified with Codeium

Team Policy:

[ ] AI usage policy document created and shared
[ ] Commit convention for AI-generated code established (e.g., [cascade] prefix)
[ ] Code review requirements for AI-generated changes defined
[ ] Competing AI extensions disabled (Copilot, TabNine)

Phase 2: Team Onboarding
Per-Developer Setup:

#!/bin/bash
# scripts/setup-windsurf.sh — run on each developer machine

echo "Setting up Windsurf for this project..."

# Verify Windsurf is installed
windsurf --version || { echo "Install Windsurf first: https://windsurf.com/download"; exit 1; }

# Verify config files exist
[ -f .windsurfrules ] || echo "WARNING: .windsurfrules missing"
[ -f .codeiumignore ] || echo "WARNING: .codeiumignore missing"

# Install recommended extensions
windsurf --install-extension esbenp.prettier-vscode
windsurf --install-extension dbaeumer.vscode-eslint

# Disable conflicting extensions
windsurf --disable-extension github.copilot 2>/dev/null || true

echo "Setup complete. Open project folder (not monorepo root) for best AI context."

Training Checklist:

[ ] Demo: Supercomplete (Tab) vs Cascade (Cmd+L) vs Command (Cmd+I)
[ ] Demo: Write mode vs Chat mode
[ ] Demo: @ mentions for file context
[ ] Demo: Turbo mode with allow/deny lists
[ ] Demo: Previews for UI development
[ ] Demo: Git checkpoint before Cascade workflow
[ ] Share: .windsurfrules ex
                
              

                
                  
                  
                  windsurf-rate-limits
                  SKILL.md
                  View full skill →
                
                
                  Understand and manage Windsurf credit system, usage limits, and model selection.
                  
                      ReadGrep
                    
                
                
                  Windsurf Rate Limits & Credits
Overview
Windsurf uses a credit-based system for AI features. Each prompt to Cascade consumes credits, with different models costing different amounts. Understanding the credit system prevents mid-session interruptions and optimizes your AI budget.
Prerequisites

Windsurf account (Free, Pro, or Teams)
Access to account dashboard at windsurf.com/account

Instructions
Step 1: Understand Credit Allocation by Plan

Plan
Monthly Credits
Unlimited Features
Price


Free
25
Supercomplete (SWE-1 Lite), Tab completions
$0


Pro
500
Supercomplete, Tab, Commands, Previews
$15/mo


Teams
500/user
All Pro features + admin controls
$30/user/mo


Enterprise
Custom
All features + SSO, RBAC, audit
Custom


Step 2: Credit Cost per Model
Different models consume different credit amounts per prompt:

Model
Credits/Prompt (approx)
Best For


SWE-1 Lite
0 (unlimited)
Quick questions, simple tasks


SWE-1
1
Standard coding tasks


SWE-1.5
2
Complex multi-file tasks


Claude Sonnet
2
Nuanced reasoning, architecture


GPT-4o
2
General purpose


Gemini Pro
2
Large context windows


Step 3: Monitor Credit Usage
In-IDE: Click the Windsurf widget (status bar) > shows remaining credits
Dashboard: windsurf.com/account > Usage tab shows:

Credits consumed today/this month
Credits remaining
Per-model breakdown
Usage trend over time

Step 4: Credit Conservation Strategies

1. Use SWE-1 Lite for simple tasks (free, unlimited):
   - Quick questions about syntax
   - Simple completions
   - Code explanations

2. Use premium models for complex tasks:
   - Multi-file refactoring
   - Architecture decisions
   - Debugging complex issues

3. Write better prompts to reduce back-and-forth:
   - Include file paths, constraints, and expected output
   - Reference files with @ mentions instead of describing them
   - One well-structured prompt > five vague ones

4. Use Workflows for repetitive tasks:
   - Workflows consume credits but eliminate wasted retry prompts
   - A 5-step workflow costs less than 5 separate conversations

5. Leverage free features:
   - Supercomplete (Tab) is unlimited on all plans
   - Command mode (Cmd+I) is unlimited on Pro
   - Only Cascade W

                

              

                
                  
                  
                  windsurf-reference-architecture
                  SKILL.md
                  View full skill →
                
                
                  Implement Windsurf reference architecture with optimal project structure and AI configuration.
                  
                      ReadGrep
                    
                
                
                  Windsurf Reference Architecture
Overview
Complete project architecture optimized for Windsurf AI. Covers workspace configuration, rules hierarchy, workflow organization, and team standardization patterns that maximize Cascade's effectiveness.
Prerequisites

Windsurf IDE installed
Team agreement on coding standards
Repository with consistent project structure

Architecture Diagram

┌──────────────────────────────────────────────────────┐
│              Windsurf Workspace                       │
│  ┌───────────────┐  ┌────────────────────────────┐    │
│  │ .windsurfrules│  │ .windsurf/                 │    │
│  │ (AI context)  │  │  ├── rules/ (trigger rules)│    │
│  │               │  │  ├── workflows/ (automation)│    │
│  │               │  │  └── settings.json         │    │
│  └───────────────┘  └────────────────────────────┘    │
│  ┌───────────────┐  ┌────────────────────────────┐    │
│  │ .codeiumignore│  │ ~/.codeium/                │    │
│  │ (index rules) │  │  ├── global_rules.md       │    │
│  │               │  │  ├── windsurf/memories/    │    │
│  │               │  │  └── windsurf/mcp_config   │    │
│  └───────────────┘  └────────────────────────────┘    │
├──────────────────────────────────────────────────────┤
│              Cascade AI Engine                        │
│  ┌───────────┐  ┌───────────┐  ┌─────────────────┐   │
│  │ Super-    │  │ Cascade   │  │ Command         │   │
│  │ complete  │  │ Write/Chat│  │ (Inline Edit)   │   │
│  │ (Tab)     │  │ (Cmd+L)  │  │ (Cmd+I)         │   │
│  └───────────┘  └───────────┘  └─────────────────┘   │
├──────────────────────────────────────────────────────┤
│              Context Layers                           │
│  Rules > Memories > @Mentions > Open Files > Index   │
└──────────────────────────────────────────────────────┘

Instructions
Step 1: Project File Structure

my-project/
├── .windsurfrules              # AI context (stack, patterns, constraints)
├── .codeiumignore              # Indexing exclusions
├── .windsurf/
│   ├── settings.json           # IDE settings (committed)
│   ├── rules/
│   │   ├── testing.md          # trigger: glob **/*.test.ts
│   │   ├── api-routes.md       # trigger: glob src/routes/**
│   │   ├── security.md         # trigger: model_decision
│   │   └── migrations.md       # trigger: manual
│   └── workflows/
│       ├── new-feature.md      # /new-feature
│       ├── deploy-staging.md   # /deploy-staging
│       ├── review-pr.md        # /review-pr
│       └── quality-check.md    # /quality-check
├── src/
│   ├── routes/                 # API route handlers
│   ├── services/               # Business logic
│   ├── repositories/           # Data access
│   └── types/                  # Shared types
├── tests/
│   ├── fixtures/               # Test data factories
│   └── services/               # Service uni

                

              

                
                  
                  
                  windsurf-reliability-patterns
                  SKILL.md
                  View full skill →
                
                
                  Implement reliable Cascade workflows with checkpoints, rollback, and incremental editing.
                  
                      ReadWriteEditBash(git:*)
                    
                
                
                  Windsurf Reliability Patterns
Overview
Reliability patterns for safe Cascade usage: Git checkpointing, incremental task scoping, validation gates, and rollback strategies. Cascade's multi-file editing is powerful but requires discipline to avoid breaking your codebase.
Prerequisites

Windsurf with Cascade enabled
Git repository initialized
Test suite available
Understanding of Cascade Write mode

Instructions
Step 1: Always Commit Before Cascade
The most important reliability pattern: create a clean Git checkpoint before every Cascade session.

# Before starting a Cascade task
git add -A && git commit -m "checkpoint: before cascade session"

# After Cascade completes:
git diff                                    # Review all changes
npm test && npm run typecheck               # Validate

# If good:
git add -A && git commit -m "[cascade] add notification service"

# If bad:
git checkout -- .                           # Revert everything
# Or selectively:
git checkout -- src/problem-file.ts         # Revert one file

Step 2: Use Feature Branches for Cascade Work

# Create dedicated branch for each Cascade task
git checkout -b cascade/add-notification-service

# Do Cascade work on this branch
# ...

# If results are good:
git checkout main && git merge cascade/add-notification-service

# If results are bad:
git checkout main && git branch -D cascade/add-notification-service
# Clean slate, main branch untouched

Step 3: Scope Tasks Incrementally
Large tasks cause Cascade to make sweeping changes that are hard to review. Break into steps.

BAD (too broad):
"Refactor the authentication system to use JWT instead of sessions"
→ Cascade may modify 30+ files, hard to review, likely has bugs

GOOD (incremental):
Step 1: "Create src/services/jwt.ts with functions: generateToken,
         validateToken, refreshToken. Use the jose library."
Step 2: "Create tests/services/jwt.test.ts with tests for all three functions"
Step 3: "Run the tests and fix any failures"
Step 4: "Update src/middleware/auth.ts to use jwt.ts instead of
         express-session. Keep the old code commented out."
Step 5: "Run the full test suite and fix any failures"
Step 6: "Remove commented-out session code from auth.ts"

Each step: review diff → test → commit → next step

Step 4: Validate After Every Cascade Edit

#!/bin/bash
# scripts/cascade-validate.sh — run after every Cascade edit
set -euo pipefail

echo "=== Post-Cascade Validation ==="

# Type check
echo "1/4 TypeScript..."
npm run typecheck || { echo "FAIL: Type errors. Ask Cascade to fix."; exit 1; }

# L

                

              

                
                  
                  
                  windsurf-sdk-patterns
                  SKILL.md
                  View full skill →
                
                
                  Apply production-ready Windsurf workspace configuration and Cascade interaction patterns.
                  
                      ReadWriteEditGrep
                    
                
                
                  Windsurf Configuration Patterns
Overview
Production-ready configuration patterns for Windsurf IDE: rules files, workspace rules with trigger modes, MCP server integration, and Cascade prompt engineering.
Prerequisites

Windsurf authenticated and operational
Understanding of Cascade Write vs Chat modes
Project with established coding conventions

Instructions
Step 1: Root-Level .windsurfrules (Permanent Context)
The .windsurfrules file is the single highest-impact configuration for Cascade output quality. It provides persistent context every session.

<!-- .windsurfrules -->

# Project: payments-api

## Stack
- Runtime: Node.js 20 LTS
- Language: TypeScript 5.x (strict, noUncheckedIndexedAccess)
- Framework: Fastify v4
- ORM: Drizzle (PostgreSQL)
- Validation: zod
- Testing: Vitest
- Linting: Biome

## Architecture Rules
- Route handlers in src/routes/ — no business logic
- Business logic in src/services/ — never throw, use Result<T,E>
- Database queries in src/repositories/ — Drizzle only
- Shared types in src/types/ — all exported with JSDoc

## Don't
- Don't use `any` type
- Don't use default exports
- Don't use class-based patterns (use functions + closures)
- Don't modify files in migrations/ without explicit request
- Don't use deprecated APIs: my_old_helper, legacyAuth

## Testing
- Unit tests for every service method
- Integration tests for every route handler
- No mocking repositories in integration tests
- Use test fixtures from tests/fixtures/

Limits: 6,000 characters per rules file. 12,000 total (global + workspace combined).
Step 2: Workspace Rules with Trigger Modes
Create granular rules in .windsurf/rules/ with YAML frontmatter:

<!-- .windsurf/rules/testing.md -->
---
trigger: glob
globs: **/*.test.ts, **/*.spec.ts
---
All test files must:
- Use describe/it blocks (not test())
- Mock external API calls with msw
- Assert both success and error paths
- Include at least one snapshot test for UI components
- Use factory functions from tests/fixtures/ for test data


<!-- .windsurf/rules/api-routes.md -->
---
trigger: glob
globs: src/routes/**/*.ts
---
API route handlers must:
- Validate input with zod schema before processing
- Return consistent error format: { error: string, code: string, statusCode: number }
- Include request ID in all log lines
- Never call database directly — use repository layer


<!-- .windsurf/rules/security.md -->
---
trigger: model_decision
description: Apply when code touches authentication, authorization, or secrets
---
Security requirements:
- Never log secrets, tokens, or PII
- Use parameterized queries (never string interpolation

                

              

                
                  
                  
                  windsurf-security-basics
                  SKILL.md
                  View full skill →
                
                
                  Apply Windsurf security best practices for workspace isolation, data privacy, and secret protection.
                  
                      ReadWriteGrep
                    
                
                
                  Windsurf Security Basics
Overview
Security best practices for Windsurf AI IDE: controlling what code Cascade can see, preventing secrets from leaking into AI context, managing telemetry, and configuring workspace isolation for regulated environments.
Prerequisites

Windsurf installed
Understanding of Codeium's data processing model
Repository with identified sensitive files

Instructions
Step 1: Exclude Secrets from AI Indexing
Create .codeiumignore at project root (gitignore syntax):

# .codeiumignore — files Codeium/Windsurf will NEVER index or read

# Secrets and credentials
.env
.env.*
.env.local
credentials.json
serviceAccountKey.json
*.pem
*.key
*.p12
*.pfx

# Cloud provider configs
.aws/
.gcloud/
.azure/

# Infrastructure secrets
terraform.tfstate
terraform.tfstate.backup
*.tfvars
vault-config.*

# Customer data
data/customers/
exports/
backups/
*.sql.gz

Default exclusions (automatic): Files in .gitignore, node_modules/, hidden directories (. prefix).
Enterprise: Place a global .codeiumignore at ~/.codeium/ for org-wide exclusions.
Step 2: Disable Telemetry (If Required)

// Windsurf Settings (settings.json)
{
  "codeium.enableTelemetry": false,
  "codeium.enableSnippetTelemetry": false,
  "telemetry.telemetryLevel": "off"
}

Step 3: Configure AI Autocomplete Exclusions
Disable Supercomplete for file types that commonly contain secrets:

{
  "codeium.autocomplete.languages": {
    "plaintext": false,
    "env": false,
    "dotenv": false,
    "properties": false,
    "ini": false
  }
}

Step 4: Create Security-Focused .windsurfrules

<!-- .windsurfrules - security section -->

## Security Requirements
- Never suggest hardcoded secrets, API keys, or passwords in code
- Always use environment variables via process.env for secrets
- Never log PII (email, phone, SSN, credit card numbers)
- Use parameterized queries for all database operations
- Never suggest wildcard CORS origins in production code
- All user input must be validated before processing
- Use constant-time comparison for secret/token validation

Step 5: Audit AI Workspace Access

#!/bin/bash
set -euo pipefail
echo "=== Windsurf Security Audit ==="

# Check if .codeiumignore exists
if [ ! -f .codeiumignore ]; then
  echo "WARNING: No .codeiumignore — AI can index all non-gitignored files"
fi

# Check for secrets that AI could index
echo "--- Potentially exposed secret files ---"
find . -typ

                

              

                
                  
                  
                  windsurf-upgrade-migration
                  SKILL.md
                  View full skill →
                
                
                  Upgrade Windsurf IDE, migrate settings from VS Code or Cursor, and handle breaking changes.
                  
                      ReadWriteEditBash(npm:*)Bash(git:*)
                    
                
                
                  Windsurf Upgrade & Migration
Current State
!windsurf --version 2>/dev/null || echo 'Not installed'
!code --version 2>/dev/null | head -1 || echo 'VS Code not installed'
Overview
Guide for upgrading Windsurf to new versions and migrating from VS Code or Cursor. Covers settings transfer, extension compatibility, and Windsurf-specific configuration that doesn't exist in other editors.
Prerequisites

Current editor installation accessible
Git for version controlling config files
Backup of existing settings

Instructions
Step 1: Check Current Windsurf Version

# Current version
windsurf --version

# Check for updates
# Windsurf auto-updates by default
# Manual: Help > Check for Updates (or download from windsurf.com)

Step 2: Migrate from VS Code
Windsurf is VS Code-based and supports most VS Code settings and extensions:

# Windsurf imports VS Code settings on first launch
# For manual migration:

# 1. Export VS Code extensions list
code --list-extensions > vscode-extensions.txt

# 2. Install in Windsurf
cat vscode-extensions.txt | xargs -L1 windsurf --install-extension

# 3. Copy settings
# macOS:
cp ~/Library/Application\ Support/Code/User/settings.json \
   ~/Library/Application\ Support/Windsurf/User/settings.json

# Linux:
cp ~/.config/Code/User/settings.json \
   ~/.config/Windsurf/User/settings.json

Key difference: Remove or disable GitHub Copilot -- it conflicts with Windsurf's Supercomplete.
Step 3: Migrate from Cursor
Cursor and Windsurf both extend VS Code but have different AI config files:

# Mapping Cursor concepts to Windsurf:
cursor_to_windsurf:
  .cursorrules:       .windsurfrules     # AI context rules
  .cursorignore:      .codeiumignore     # AI indexing exclusions
  .cursor/rules/:     .windsurf/rules/   # Workspace rules
  cursor_settings:    windsurf_settings  # IDE preferences
  Composer:           Cascade            # Agentic AI assistant
  Tab:                Supercomplete      # Inline completions
  Cmd+K:              Cmd+I              # Inline editing
  Cmd+L:              Cmd+L              # AI chat (same!)

Migration script:

#!/bin/bash
set -euo pipefail
echo "Migrating Cursor config to Windsurf..."

# Convert .cursorrules to .windsurfrules
[ -f .cursorrules ] && cp .cursorrules .windsurfrules && echo "Copied .cursorrules → .windsurfrules"

# Convert .cursorignore to .codeiumignore
[ -f .cursorignore ] && cp .cursorignore .codeiumignore && echo "Copied .cursorignore → .codeiumignore"

# Migrate workspace rules
if [ -d .cursor/rules ]; then
  mkdir -p .windsurf/rules
  cp .cursor/rules/*.m

                

              

                
                  
                  
                  windsurf-webhooks-events
                  SKILL.md
                  View full skill →
                
                
                  Build Windsurf extensions and integrate with VS Code extension API events.
                  
                      ReadWriteEditBash(npm:*)Bash(npx:*)
                    
                
                
                  Windsurf Extension Development & Events
Overview
Windsurf is built on VS Code and supports the full VS Code Extension API. Build custom extensions to track workspace events, integrate with external tools, and extend Cascade's capabilities. This skill covers extension development specific to the Windsurf environment.
Prerequisites

Node.js 18+ and npm
VS Code Extension API familiarity
yo and generator-code for scaffolding
Windsurf IDE for testing

Instructions
Step 1: Scaffold Extension

# Install scaffolding tools
npm install -g yo generator-code

# Generate extension
yo code
# Select: New Extension (TypeScript)
# Name: my-windsurf-extension

Step 2: Track Workspace Events

// src/extension.ts
import * as vscode from "vscode";

export function activate(context: vscode.ExtensionContext) {
  console.log("Extension active in Windsurf");

  // Track file saves
  const saveListener = vscode.workspace.onDidSaveTextDocument(
    async (document) => {
      const diagnostics = vscode.languages.getDiagnostics(document.uri);
      const errors = diagnostics.filter(
        (d) => d.severity === vscode.DiagnosticSeverity.Error
      );
      if (errors.length > 0) {
        vscode.window.showWarningMessage(
          `${document.fileName}: ${errors.length} error(s) after save`
        );
      }
    }
  );

  // Track active editor changes
  const editorListener = vscode.window.onDidChangeActiveTextEditor(
    (editor) => {
      if (editor) {
        const lang = editor.document.languageId;
        const lines = editor.document.lineCount;
        console.log(`Opened: ${editor.document.fileName} (${lang}, ${lines} lines)`);
      }
    }
  );

  // Track terminal output
  const terminalListener = vscode.window.onDidWriteTerminalData((event) => {
    // Can monitor for specific patterns (errors, warnings)
    if (event.data.includes("ERROR") || event.data.includes("FAIL")) {
      vscode.window.showWarningMessage("Error detected in terminal output");
    }
  });

  context.subscriptions.push(saveListener, editorListener, terminalListener);
}

Step 3: Send Events to External System

// src/webhook.ts
import * as vscode from "vscode";

interface WorkspaceEvent {
  event: string;
  file?: string;
  language?: string;
  timestamp: string;
  metadata?: Record<string, unknown>;
}

async function sendEvent(event: WorkspaceEvent): Promise<void> {
  const webhookUrl = vscode.workspace
    .getConfiguration("windsurf-events")
    .get<string>("webhookUrl");

  if (!webhookUrl) return;

  try {
    await fetch(webhookUrl, {
      method: "POST",
      headers: { "Content-Type": &q

                

              

          
        

      
      

      
      

      
      

      
      
  Ready to use windsurf-pack?
  
    
    
  




      
      
          Related Plugins
          
            
                000-jeremy-content-consistency-validator
                Read-only validator that generates comprehensive discrepancy reports comparing messaging consistency across ANY HTML-based website (WordPress, Hugo, Next.js, React, Vue, static HTML, etc.), GitHub repositories, and local documentation. Detects mixed messaging without making changes.
              
                002-jeremy-yaml-master-agent
                Intelligent YAML validation, generation, and transformation agent with schema inference, linting, and format conversion capabilities
              
                003-jeremy-vertex-ai-media-master
                Comprehensive Google Vertex AI multimodal mastery for Jeremy - video processing (6+ hours), audio generation, image creation with Gemini 2.0/2.5 and Imagen 4. Marketing campaign automation, content generation, and media asset production.
              
                004-jeremy-google-cloud-agent-sdk
                Google Cloud Agent Development Kit (ADK) and Agent Starter Pack mastery - build containerized multi-agent systems with production-ready templates, deploy to Cloud Run/GKE/Agent Engine, RAG agents, ReAct agents, and multi-agent orchestration.
              
                agent-context-manager
                Automatically detects and loads AGENTS.md files to provide agent-specific instructions
              
                ai-commit-gen
                AI-powered commit message generator - analyzes your git diff and creates conventional commit messages instantly
              
          
        

      
      
          Tags
          
            windsurfai-editorcascadecodeiumai-codingcode-completionrefactoring
          
        
    
  

  

    

    
    
        
            
                Stay in the Loop
                
                    
                    
                    
                
                No spam. Unsubscribe anytime.
            

            
                
                    Product
                    
                        Explore
                        Skills
                        Cowork
                        Compare
                        Tools
                    
                
                
                    Resources
                    
                        Docs
                        Changelog
                        Collections
                        Playbooks
                        Research
                        Learning
                    
                
                
                    Company
                    
                        Community
                        Spotlight
                        GitHub
                    
                
                
                    Legal
                    
                        Privacy
                        Terms
                        Acceptable Use
                    
                
            

            
                Tons of Skills by Intent Solutions. Marine. Citadel Grad. 20 years ops → self-taught dev → AI architect.
                © 2026 Tons of Skills | Intent Solutions

Plan	Price	Credits/mo	Key Features
Free	$0	25	SWE-1 Lite unlimited, basic Supercomplete
Pro	$15/mo	500	All models, Cascade Write, Previews, 5 deploys/day
Teams	$30/user/mo	500/user	Admin controls, shared billing, analytics
Enterprise	Custom ($60+/user)	Custom	SSO, RBAC, audit, self-hosted option

Level	Definition	Response Time	Examples
P1	Production broken by AI code	< 15 min	Cascade-generated code deployed with critical bug
P2	Team workflow blocked	< 1 hour	Windsurf service outage, all Cascade down
P3	Degraded AI features	< 4 hours	Slow Cascade, Supercomplete intermittent
P4	Minor inconvenience	Next business day	Specific model unavailable, feature regression