Windsurf CI Integration Overview Integrate Windsurf configuration validation and AI code quality gates into CI/CD pipelines. Covers validating , enforcing team policies for AI-generated code, and automating Windsurf config distribution. Prerequisites - GitHub repository with Actions enabled - Windsurf configuration files in repository - Team agreement on AI code review policy Instructions Step 1: Validate Windsurf Config in CI Step 2: AI Code Quality Gate Step 3: Distribute Windsurf Config Templates Step 4: Cascade-Generated Commit Convention Enforce commit message conventions for AI-generate…

|| true)\n NEW_TEST=$(git diff --name-only --diff-filter=A origin/main..HEAD | grep -cE '\\.(test|spec)\\.' || true)\n if [ \"$NEW_SRC\" -gt 3 ] && [ \"$NEW_TEST\" -eq 0 ]; then\n echo \"::error::$NEW_SRC new source files added without tests\"\n exit 1\n fi\n\n - name: Check for hardcoded secrets in new files\n run: |\n git diff origin/main..HEAD -- '*.ts' '*.js' '*.tsx' '*.jsx' | \\\n grep -E '(sk_live|sk_test|AKIA|ghp_|glpat-|xoxb-)' && {\n echo \"::error::Potential hardcoded secret detected\"\n exit 1\n } || true\n```\n\n### Step 3: Distribute Windsurf Config Templates\n\n```yaml\n# .github/workflows/sync-windsurf-config.yml\nname: Sync Windsurf Config\n\non:\n push:\n branches: [main]\n paths: ['windsurf-templates/**']\n\njobs:\n distribute:\n runs-on: ubuntu-latest\n strategy:\n matrix:\n repo: [frontend, backend, mobile]\n steps:\n - uses: actions/checkout@v4\n - name: Push config to child repos\n run: |\n gh api repos/${{ github.repository_owner }}/${{ matrix.repo }}/contents/.windsurfrules \\\n --method PUT \\\n --field message=\"chore: sync windsurf config from monorepo\" \\\n --field content=\"$(base64 -w0 windsurf-templates/.windsurfrules)\"\n env:\n GH_TOKEN: ${{ secrets.REPO_SYNC_TOKEN }}\n```\n\n### Step 4: Cascade-Generated Commit Convention\n\nEnforce commit message conventions for AI-generated code:\n\n```yaml\n# In branch protection or CI\n- name: Check AI commit convention\n run: |\n COMMITS=$(git log origin/main..HEAD --pretty=format:\"%s\")\n # If PR has many file changes, warn about AI commit tagging\n FILES=$(git diff --stat origin/main..HEAD | tail -1 | awk '{print $1}')\n if [ \"$FILES\" -gt 10 ]; then\n if ! echo \"$COMMITS\" | grep -q \"\\[cascade\\]\"; then\n echo \"::notice::Large changeset without [cascade] tag. If AI-generated, tag commits with [cascade] prefix.\"\n fi\n fi\n```\n\n### Step 5: MCP Server Health Check (Optional)\n\n```yaml\n- name: Validate MCP config\n run: |\n MCP_CONFIG=\"$HOME/.codeium/windsurf/mcp_config.json\"\n if [ -f \"$MCP_CONFIG\" ]; then\n python3 -c \"import json; json.load(open('$MCP_CONFIG'))\" || {\n echo \"::error::MCP config is invalid JSON\"\n exit 1\n }\n fi\n```\n\n## Error Handling\n\n| Issue | Cause | Solution |\n|-------|-------|----------|\n| .windsurfrules over limit | Too many rules | Split into workspace rules in `.windsurf/rules/` |\n| Secret detected in diff | AI generated hardcoded key | Remove, rotate, add to `.codeiumignore` |\n| Config sync fails | Token lacks repo access | Update `REPO_SYNC_TOKEN` permissions |\n| Frontmatter validation fails | Missing trigger field | Add `trigger: always_on` or appropriate mode |\n\n## Examples\n\n### Branch Protection Rules\n\n```yaml\n# Recommended for teams using Windsurf Cascade\nrequired_status_checks:\n - \"windsurf-config\"\n - \"ai-code-review\"\n - \"test\"\n```\n\n### Pre-Commit Hook for .windsurfrules\n\n```bash\n#!/bin/bash\n# .git/hooks/pre-commit\nCHARS=$(wc -c \u003c .windsurfrules 2>/dev/null || echo 0)\nif [ \"$CHARS\" -gt 6000 ]; then\n echo \"ERROR: .windsurfrules exceeds 6000 char limit ($CHARS chars)\"\n exit 1\nfi\n```\n\n## Resources\n\n- [GitHub Actions Documentation](https://docs.github.com/en/actions)\n- [Windsurf Admin Guide](https://docs.windsurf.com/windsurf/guide-for-admins)\n\n## Next Steps\n\nFor deployment patterns, see `windsurf-deploy-integration`.\n---","attachment_filenames":[],"attachments":[],"content_json":{"type":"doc","content":[{"type":"heading","attrs":{"level":1},"content":[{"text":"Windsurf CI Integration","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Overview","type":"text"}]},{"type":"paragraph","content":[{"text":"Integrate Windsurf configuration validation and AI code quality gates into CI/CD pipelines. Covers validating ","type":"text"},{"text":".windsurfrules","type":"text","marks":[{"type":"code_inline"}]},{"text":", enforcing team policies for AI-generated code, and automating Windsurf config distribution.","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Prerequisites","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"GitHub repository with Actions enabled","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Windsurf configuration files in repository","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Team agreement on AI code review policy","type":"text"}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Instructions","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Step 1: Validate Windsurf Config in CI","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"yaml"},"content":[{"text":"# .github/workflows/windsurf-config.yml\nname: Windsurf Config Validation\n\non:\n pull_request:\n paths:\n - '.windsurfrules'\n - '.codeiumignore'\n - '.windsurf/**'\n\njobs:\n validate:\n runs-on: ubuntu-latest\n steps:\n - uses: actions/checkout@v4\n\n - name: Check .windsurfrules exists and is valid\n run: |\n if [ ! -f .windsurfrules ]; then\n echo \"::error::.windsurfrules is missing\"\n exit 1\n fi\n CHARS=$(wc -c \u003c .windsurfrules)\n if [ \"$CHARS\" -gt 6000 ]; then\n echo \"::error::.windsurfrules exceeds 6000 char limit ($CHARS chars)\"\n exit 1\n fi\n echo \".windsurfrules: $CHARS chars (limit: 6000)\"\n\n - name: Check .codeiumignore covers secrets\n run: |\n REQUIRED_PATTERNS=(\".env\" \"*.pem\" \"*.key\" \"credentials\")\n MISSING=()\n for pattern in \"${REQUIRED_PATTERNS[@]}\"; do\n if ! grep -q \"$pattern\" .codeiumignore 2>/dev/null; then\n MISSING+=(\"$pattern\")\n fi\n done\n if [ ${#MISSING[@]} -gt 0 ]; then\n echo \"::warning::.codeiumignore missing patterns: ${MISSING[*]}\"\n fi\n\n - name: Validate workspace rules frontmatter\n run: |\n for rule in .windsurf/rules/*.md; do\n [ -f \"$rule\" ] || continue\n if ! head -1 \"$rule\" | grep -q \"^---\"; then\n echo \"::error::$rule missing YAML frontmatter\"\n exit 1\n fi\n # Check for required trigger field\n if ! grep -q \"^trigger:\" \"$rule\"; then\n echo \"::warning::$rule missing 'trigger:' in frontmatter\"\n fi\n done","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Step 2: AI Code Quality Gate","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"yaml"},"content":[{"text":"# .github/workflows/ai-code-review.yml\nname: AI Code Quality Gate\n\non: pull_request\n\njobs:\n ai-review:\n runs-on: ubuntu-latest\n steps:\n - uses: actions/checkout@v4\n with: { fetch-depth: 0 }\n\n - name: Detect large AI-generated changesets\n run: |\n FILES_CHANGED=$(git diff --name-only origin/main..HEAD | wc -l)\n if [ \"$FILES_CHANGED\" -gt 20 ]; then\n echo \"::warning::Large changeset ($FILES_CHANGED files). If AI-generated, ensure thorough review.\"\n fi\n\n - name: Enforce tests for new source files\n run: |\n NEW_SRC=$(git diff --name-only --diff-filter=A origin/main..HEAD | grep -cE '\\.(ts|js|tsx|jsx)

Windsurf CI Integration Overview Integrate Windsurf configuration validation and AI code quality gates into CI/CD pipelines. Covers validating , enforcing team policies for AI-generated code, and automating Windsurf config distribution. Prerequisites - GitHub repository with Actions enabled - Windsurf configuration files in repository - Team agreement on AI code review policy Instructions Step 1: Validate Windsurf Config in CI Step 2: AI Code Quality Gate Step 3: Distribute Windsurf Config Templates Step 4: Cascade-Generated Commit Convention Enforce commit message conventions for AI-generate…

|| true)\n NEW_TEST=$(git diff --name-only --diff-filter=A origin/main..HEAD | grep -cE '\\.(test|spec)\\.' || true)\n if [ \"$NEW_SRC\" -gt 3 ] && [ \"$NEW_TEST\" -eq 0 ]; then\n echo \"::error::$NEW_SRC new source files added without tests\"\n exit 1\n fi\n\n - name: Check for hardcoded secrets in new files\n run: |\n git diff origin/main..HEAD -- '*.ts' '*.js' '*.tsx' '*.jsx' | \\\n grep -E '(sk_live|sk_test|AKIA|ghp_|glpat-|xoxb-)' && {\n echo \"::error::Potential hardcoded secret detected\"\n exit 1\n } || true","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Step 3: Distribute Windsurf Config Templates","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"yaml"},"content":[{"text":"# .github/workflows/sync-windsurf-config.yml\nname: Sync Windsurf Config\n\non:\n push:\n branches: [main]\n paths: ['windsurf-templates/**']\n\njobs:\n distribute:\n runs-on: ubuntu-latest\n strategy:\n matrix:\n repo: [frontend, backend, mobile]\n steps:\n - uses: actions/checkout@v4\n - name: Push config to child repos\n run: |\n gh api repos/${{ github.repository_owner }}/${{ matrix.repo }}/contents/.windsurfrules \\\n --method PUT \\\n --field message=\"chore: sync windsurf config from monorepo\" \\\n --field content=\"$(base64 -w0 windsurf-templates/.windsurfrules)\"\n env:\n GH_TOKEN: ${{ secrets.REPO_SYNC_TOKEN }}","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Step 4: Cascade-Generated Commit Convention","type":"text"}]},{"type":"paragraph","content":[{"text":"Enforce commit message conventions for AI-generated code:","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"yaml"},"content":[{"text":"# In branch protection or CI\n- name: Check AI commit convention\n run: |\n COMMITS=$(git log origin/main..HEAD --pretty=format:\"%s\")\n # If PR has many file changes, warn about AI commit tagging\n FILES=$(git diff --stat origin/main..HEAD | tail -1 | awk '{print $1}')\n if [ \"$FILES\" -gt 10 ]; then\n if ! echo \"$COMMITS\" | grep -q \"\\[cascade\\]\"; then\n echo \"::notice::Large changeset without [cascade] tag. If AI-generated, tag commits with [cascade] prefix.\"\n fi\n fi","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Step 5: MCP Server Health Check (Optional)","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"yaml"},"content":[{"text":"- name: Validate MCP config\n run: |\n MCP_CONFIG=\"$HOME/.codeium/windsurf/mcp_config.json\"\n if [ -f \"$MCP_CONFIG\" ]; then\n python3 -c \"import json; json.load(open('$MCP_CONFIG'))\" || {\n echo \"::error::MCP config is invalid JSON\"\n exit 1\n }\n fi","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Error Handling","type":"text"}]},{"type":"table","attrs":{"layout":null},"content":[{"type":"tr","content":[{"type":"th","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Issue","type":"text"}]}]},{"type":"th","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Cause","type":"text"}]}]},{"type":"th","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Solution","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":".windsurfrules over limit","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Too many rules","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Split into workspace rules in ","type":"text"},{"text":".windsurf/rules/","type":"text","marks":[{"type":"code_inline"}]}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Secret detected in diff","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"AI generated hardcoded key","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Remove, rotate, add to ","type":"text"},{"text":".codeiumignore","type":"text","marks":[{"type":"code_inline"}]}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Config sync fails","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Token lacks repo access","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Update ","type":"text"},{"text":"REPO_SYNC_TOKEN","type":"text","marks":[{"type":"code_inline"}]},{"text":" permissions","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Frontmatter validation fails","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Missing trigger field","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Add ","type":"text"},{"text":"trigger: always_on","type":"text","marks":[{"type":"code_inline"}]},{"text":" or appropriate mode","type":"text"}]}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Examples","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Branch Protection Rules","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"yaml"},"content":[{"text":"# Recommended for teams using Windsurf Cascade\nrequired_status_checks:\n - \"windsurf-config\"\n - \"ai-code-review\"\n - \"test\"","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Pre-Commit Hook for .windsurfrules","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"#!/bin/bash\n# .git/hooks/pre-commit\nCHARS=$(wc -c \u003c .windsurfrules 2>/dev/null || echo 0)\nif [ \"$CHARS\" -gt 6000 ]; then\n echo \"ERROR: .windsurfrules exceeds 6000 char limit ($CHARS chars)\"\n exit 1\nfi","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Resources","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"GitHub Actions Documentation","type":"text","marks":[{"type":"link","attrs":{"href":"https://docs.github.com/en/actions","title":null}}]}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Windsurf Admin Guide","type":"text","marks":[{"type":"link","attrs":{"href":"https://docs.windsurf.com/windsurf/guide-for-admins","title":null}}]}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Next Steps","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"For deployment patterns, see ","type":"text"},{"text":"windsurf-deploy-integration","type":"text","marks":[{"type":"code_inline"}]},{"text":".","type":"text"}]}]},"metadata":{"date":"2026-06-05","name":"windsurf-ci-integration","tags":["saas","windsurf","ci-cd","github-actions","automation"],"author":"@skillopedia","source":{"stars":2275,"repo_name":"claude-code-plugins-plus-skills","origin_url":"https://github.com/jeremylongshore/claude-code-plugins-plus-skills/blob/HEAD/plugins/saas-packs/windsurf-pack/skills/windsurf-ci-integration/SKILL.md","repo_owner":"jeremylongshore","body_sha256":"897f24071c5d5615b0484c7a6429911688b322d1b03abd012f7d039fb7086e96","cluster_key":"36417235f29743c7450731e553c3927c483f75525bc70c607926f89c924bd6c7","clean_bundle":{"format":"clean-skill-bundle-v1","source":"jeremylongshore/claude-code-plugins-plus-skills/plugins/saas-packs/windsurf-pack/skills/windsurf-ci-integration/SKILL.md","bundle_sha256":"acb3cad7199aacd00253c4743d12fbfe936993f53c052e1f57751060cd23630f","attachment_count":0,"text_attachments":0,"binary_attachments":0},"cluster_size":1,"skill_md_path":"plugins/saas-packs/windsurf-pack/skills/windsurf-ci-integration/SKILL.md","import_metadata":{"date":"2026-06-05","author":"@skillopedia","version":"v1","category":"devops-infrastructure","category_label":"DevOps"},"exact_dupes_collapsed_into_this":0},"license":"MIT","version":"v1","category":"devops-infrastructure","import_tag":"clean-skills-v1","description":"Integrate Windsurf Cascade workflows into CI/CD pipelines and team automation.\nUse when automating Cascade tasks in GitHub Actions, enforcing AI code quality gates,\nor setting up Windsurf config validation in CI.\nTrigger with phrases like \"windsurf CI\", \"windsurf GitHub Actions\",\n\"windsurf automation\", \"cascade CI\", \"windsurf pipeline\".\n","allowed-tools":"Read, Write, Edit, Bash(gh:*)","compatibility":"Designed for Claude Code, also compatible with Codex and OpenClaw"}},"renderedAt":1782980915823}

Windsurf CI Integration Overview Integrate Windsurf configuration validation and AI code quality gates into CI/CD pipelines. Covers validating , enforcing team policies for AI-generated code, and automating Windsurf config distribution. Prerequisites - GitHub repository with Actions enabled - Windsurf configuration files in repository - Team agreement on AI code review policy Instructions Step 1: Validate Windsurf Config in CI Step 2: AI Code Quality Gate Step 3: Distribute Windsurf Config Templates Step 4: Cascade-Generated Commit Convention Enforce commit message conventions for AI-generate…