---
name: windsurf-policy-guardrails
description: |
  Implement team-wide Windsurf usage policies, code quality gates, and Cascade guardrails.
  Use when setting up code review policies for AI-generated code, configuring Turbo mode
  safety controls, or implementing CI gates for Cascade output.
  Trigger with phrases like "windsurf policy", "windsurf guardrails",
  "cascade safety rules", "windsurf team rules", "AI code policy".
license: MIT
allowed-tools: Read, Write, Edit, Bash(npx:*)
compatibility: Designed for Claude Code, also compatible with Codex and OpenClaw
---

# Windsurf Policy Guardrails

## Overview

Policy guardrails for team Windsurf usage: controlling what Cascade can do, enforcing code review for AI output, configuring terminal safety controls, and preventing common AI coding mistakes.

## Prerequisites

- Windsurf configured for team use
- Git workflow established
- CI/CD pipeline in place
- Team agreement on AI usage standards

## Instructions

### Step 1: Terminal Command Safety (Turbo Mode Controls)

Configure what Cascade can and cannot auto-execute. Treat the allow list as the primary control and the deny list as a backstop for well-known destructive commands: it only stops the commands it names, so it is not a complete boundary.

```json
// settings.json — Team-wide terminal safety
{
  "windsurf.cascadeCommandsAllowList": [
    "npm test", "npm run", "npx vitest", "npx tsc",
    "git status", "git diff", "git log", "git add",
    "eslint", "prettier", "biome",
    "ls", "cat", "head", "tail", "wc", "grep"
  ],
  "windsurf.cascadeCommandsDenyList": [
    "rm -rf", "rm -r /",
    "sudo",
    "git push --force", "git reset --hard",
    "DROP TABLE", "DELETE FROM", "TRUNCATE",
    "curl | bash", "wget | sh",
    "chmod 777",
    "kill -9",
    "shutdown", "reboot", "halt",
    "mkfs", "dd if=",
    "npm publish", "npx publish"
  ]
}
```

### Step 2: Workspace Isolation Rules

Prevent Cascade from accessing sensitive directories:

```gitignore
# .codeiumignore — security boundary
# AI cannot see or modify files matching these patterns

# Credentials
.env
.env.*
credentials/
secrets/
*.pem
*.key

# Infrastructure
terraform.tfstate*
*.tfvars
ansible/vault*

# Customer data
data/production/
exports/
```

An always-on rules file keeps Cascade from changing infrastructure and schema files unless it is explicitly asked to:

```markdown
<!-- .windsurf/rules/protected-files.md -->
---
trigger: always_on
---
## Protected Files Policy
- NEVER modify files in migrations/ without explicit request
- NEVER modify Dockerfile or docker-compose.yml without explicit request
- NEVER modify CI/CD workflows (.github/workflows/) without explicit request
- NEVER modify package.json dependencies without explicit request
- ALWAYS ask before changing database schema files
```

### Step 3: AI Code Review Policy

Two CI checks gate every pull request: new source files must arrive with tests, and the diff is scanned for hardcoded secrets.

```yaml
# .github/workflows/ai-code-gate.yml
name: AI Code Quality Gate
on: pull_request

jobs:
  ai-review-gate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with: { fetch-depth: 0 }

      - name: Check cascade commit policy
        run: |
          # Count files changed
          FILES=$(git diff --name-only origin/main..HEAD | wc -l)

          # Large changesets need explicit review
          if [ "$FILES" -gt 15 ]; then
            echo "::warning::Large changeset ($FILES files modified)."
            echo "If AI-generated, ensure line-by-line review."
          fi

          # New files must have tests (anchor the extension so .json is not counted as .js)
          NEW_SRC=$(git diff --name-only --diff-filter=A origin/main..HEAD | grep -cE '\.(ts|js)$' || true)
          NEW_TEST=$(git diff --name-only --diff-filter=A origin/main..HEAD | grep -cE '\.(test|spec)\.' || true)
          if [ "$NEW_SRC" -gt 3 ] && [ "$NEW_TEST" -eq 0 ]; then
            echo "::error::$NEW_SRC new source files without tests."
            echo "Add tests before merging AI-generated code."
            exit 1
          fi

      - name: Scan for hardcoded secrets
        run: |
          SECRETS_FOUND=$(git diff origin/main..HEAD | grep -cE '(sk_live|sk_test|AKIA[A-Z0-9]|ghp_|glpat-|xoxb-)' || true)
          if [ "$SECRETS_FOUND" -gt 0 ]; then
            echo "::error::Potential hardcoded secret detected in diff."
            exit 1
          fi
```
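The secret scan above greps the whole diff, so a pull request that removes a leaked key fails the same way as one that adds it, and the error gives the reviewer no file or line. The following is an added example (not part of the original skill or the Windsurf project) of a scanner that walks a unified diff, checks only added lines, tracks the line number in the new file, and reports a redacted token in GitHub's `::error file=,line=` format. The token patterns are constructed for this example; `AKIA` and `ghp_` are anchored to their known fixed lengths, the other prefixes stay loose as in the workflow. The sample diff and its values (including the AWS documentation example key on the removed line) are constructed.

```python
import re
import sys
from typing import List, Optional, Tuple

# Token patterns, constructed for this example. They extend the prefixes the
# CI step greps for: AKIA and ghp_ have known fixed lengths and are anchored
# to them; the remaining ones stay prefix-based, as in the workflow.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[A-Z0-9]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "stripe_key": re.compile(r"\bsk_(?:live|test)_[A-Za-z0-9]+"),
    "gitlab_pat": re.compile(r"\bglpat-[A-Za-z0-9_-]+"),
    "slack_bot_token": re.compile(r"\bxoxb-[A-Za-z0-9-]+"),
}

HUNK_HEADER = re.compile(r"@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

# Constructed unified diff. The removed line carries the AWS documentation
# example key, i.e. this PR is rotating a secret out of the code: a
# whole-diff grep would fail it, an added-lines-only scan does not.
SAMPLE_DIFF = """\
diff --git a/src/config.ts b/src/config.ts
--- a/src/config.ts
+++ b/src/config.ts
@@ -1,4 +1,5 @@
 export const region = "eu-west-1";
-const legacyKey = "AKIAIOSFODNN7EXAMPLE";
+const accessKeyId = process.env.AWS_ACCESS_KEY_ID;
+const token = "ghp_abcdefghijklmnopqrstuvwxyz0123456789";
+const slack = "xoxb-1234-5678-abcdefgh";
 export default {};
"""


def scan_diff(diff_text: str) -> List[Tuple[Optional[str], int, str, str]]:
    """Return (path, line_in_new_file, pattern_name, redacted_token) for each
    secret-looking token found on an ADDED line of a unified diff."""
    findings = []
    path: Optional[str] = None
    new_line = 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):            # new-file header, not an added line
            path = raw[4:]
            path = path[2:] if path.startswith("b/") else path
            continue
        if raw.startswith("--- "):
            continue
        header = HUNK_HEADER.match(raw)
        if header:
            new_line = int(header.group(1)) - 1
            continue
        if raw.startswith("+"):               # added line: scan it
            new_line += 1
            for name, pattern in SECRET_PATTERNS.items():
                for hit in pattern.finditer(raw[1:]):
                    token = hit.group(0)
                    findings.append((path, new_line, name, token[:8] + "..."))
        elif raw.startswith(" "):             # context line: only advances the counter
            new_line += 1
        # '-' lines (removed) and 'diff'/'index'/'\' lines are not scanned
    return findings


if __name__ == "__main__":
    # Usage in CI: git diff origin/main..HEAD | python3 scan_diff.py
    hits = scan_diff(sys.stdin.read())
    for file_path, line_no, name, redacted in hits:
        print(f"::error file={file_path},line={line_no}::{name} ({redacted})")
    sys.exit(1 if hits else 0)
```

Because the report prints only the first eight characters of a match, the CI log itself does not become a second copy of the leaked value; the reviewer gets the file, the line and the token type and rotates from there.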

### Step 4: Team Cascade Usage Guidelines

```markdown
<!-- docs/windsurf-policy.md — committed to repo -->

# Team Windsurf AI Usage Policy

## Required Practices
1. **Git before Cascade** — commit or stash before every Cascade session
2. **Feature branches only** — never use Cascade on main or develop
3. **Review every diff** — accept changes file-by-file, not "accept all"
4. **Test after accepting** — run tests before committing Cascade changes
5. **Tag AI commits** — prefix with `[cascade]` for traceability

## Prohibited Actions
1. Never paste secrets, API keys, or passwords into Cascade chat
2. Never let Cascade modify production config without manual review
3. Never use Cascade to write security-critical code without expert review
4. Never accept Cascade suggestions for database migrations without DBA review
5. Never use Turbo mode with commands not in the allow list

## Code Review Standards for AI-Generated Code
- Reviewer MUST verify logic, not just syntax
- Reviewer MUST check edge cases (AI often misses boundary conditions)
- Reviewer MUST verify error handling (AI tends to happy-path)
- Reviewer MUST check for AI-specific patterns: unnecessary abstraction,
  over-engineering, cargo-cult patterns from training data

## Accountability
- The developer who accepts and commits AI-generated code is responsible
- "Cascade wrote it" is not an excuse for bugs in production
- All standard code review requirements apply to AI-generated code
```

### Step 5: Extension Trust Policy

```json
// .vscode/extensions.json (works in Windsurf)
{
  "recommendations": [
    "esbenp.prettier-vscode",
    "dbaeumer.vscode-eslint",
    "biomejs.biome"
  ],
  "unwantedRecommendations": [
    "github.copilot",
    "github.copilot-chat",
    "tabnine.tabnine-vscode",
    "sourcegraph.cody-ai"
  ]
}
```

### Step 6: Pre-Cascade Checklist Workflow

```markdown
<!-- .windsurf/workflows/safe-cascade.md -->
---
name: safe-cascade
description: Pre-flight checks before Cascade work
---
// turbo-all

1. Run `git status` — verify clean working tree
2. Run `git checkout -b cascade/$(date +%Y%m%d-%H%M%S)` — new branch
3. Run `git log --oneline -3` — note recent context
4. Report: "Ready for Cascade. Branch created. Clean working tree."
5. Ask: "What would you like Cascade to do?"
```

## Error Handling

| Issue | Cause | Solution |
|-------|-------|----------|
| Cascade modifies secrets | Files not in .codeiumignore | Add to .codeiumignore, rotate exposed secret |
| Untested AI code merged | No CI gate | Add test-required check to PR |
| Conflicting suggestions | Multiple AI extensions | Remove competing extensions |
| Developer bypasses policy | No enforcement | Add CI gates, team training |
| Cascade runs destructive command | Not in deny list | Add to cascadeCommandsDenyList |

## Examples

### Quick Policy Verification

```bash
set -euo pipefail
echo "=== Policy Compliance Check ==="
echo "Branch protection: $(gh api repos/:owner/:repo/branches/main/protection --jq '.required_status_checks.contexts | length' 2>/dev/null || echo 'N/A') checks"
echo ".codeiumignore: $([ -f .codeiumignore ] && echo 'EXISTS' || echo 'MISSING')"
echo "Policy doc: $([ -f docs/windsurf-policy.md ] && echo 'EXISTS' || echo 'MISSING')"
echo "Extension control: $([ -f .vscode/extensions.json ] && echo 'EXISTS' || echo 'MISSING')"
```

## Resources

- [Windsurf Terminal Docs](https://docs.windsurf.com/windsurf/terminal)
- [Windsurf Rules](https://docs.windsurf.com/windsurf/cascade/memories)
- [Windsurf Admin Guide](https://docs.windsurf.com/windsurf/guide-for-admins)

## Next Steps

For architecture strategies, see `windsurf-architecture-variants`.

---

Source: https://github.com/jeremylongshore/claude-code-plugins-plus-skills/blob/HEAD/plugins/saas-packs/windsurf-pack/skills/windsurf-policy-guardrails/SKILL.md (repository jeremylongshore/claude-code-plugins-plus-skills, MIT license, indexed by @skillopedia).
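The quick verification script only checks that `.codeiumignore` exists; the "Cascade modifies secrets" row of the error table is about patterns that are missing from it. The following is an added example (not part of the original skill or of the Windsurf project) that parses the Step 2 ignore file with a small gitignore-style matcher and reports which sensitive paths in the working tree are not covered by any pattern. The matcher handles the subset of gitignore syntax the page's file uses (comments, trailing `/` for directories, `!` negation, root anchoring for patterns containing a slash, single-segment globs) and does not model `**`. The ignore text is a copy of the page's file; the list of sensitive paths is constructed.

```python
import fnmatch
import sys
from typing import List, Tuple

Rule = Tuple[str, bool, bool, bool]  # (pattern, dir_only, negated, anchored)

# Copy of the Step 2 .codeiumignore, embedded here as sample input.
CODEIUMIGNORE = """\
# Credentials
.env
.env.*
credentials/
secrets/
*.pem
*.key

# Infrastructure
terraform.tfstate*
*.tfvars
ansible/vault*

# Customer data
data/production/
exports/
"""

# Constructed list of paths an audit of the working tree turned up.
SENSITIVE_PATHS = [
    ".env",
    ".env.production",
    "config/credentials/db.json",
    "certs/server.pem",
    "infra/terraform.tfstate.backup",
    "ansible/vault.yml",
    "data/production/users.csv",
    "secrets.yaml",          # a file, not the secrets/ directory
    ".npmrc",                # may hold registry auth tokens
    "deploy/id_rsa",         # no extension, so *.key does not apply
]


def parse_ignore(text: str) -> List[Rule]:
    """Parse gitignore-style text into rules: comments, blank lines, trailing
    '/' (directory only), leading '!' (negation), anchoring for patterns that
    contain a slash, and single '*'/'?' globs. '**' is not modelled."""
    rules: List[Rule] = []
    for line in text.splitlines():
        line = line.rstrip()
        if not line or line.startswith("#"):
            continue
        negated = line.startswith("!")
        core = line[1:] if negated else line
        dir_only = core.endswith("/")
        core = core[:-1] if dir_only else core
        anchored = "/" in core          # gitignore: any non-trailing slash anchors
        rules.append((core.strip("/"), dir_only, negated, anchored))
    return rules


def _rule_matches(rule: Rule, path: str) -> bool:
    pattern, dir_only, _, anchored = rule
    parts = path.split("/")
    # dir_only rules may only match a directory component, never the file itself
    candidates = parts[:-1] if dir_only else parts
    if not anchored:
        # Unanchored: the pattern may match the basename or any parent directory.
        return any(fnmatch.fnmatchcase(p, pattern) for p in candidates)
    # Anchored: match from the root one segment at a time, so '*' never
    # crosses a directory boundary.
    pat_parts = pattern.split("/")
    if len(pat_parts) > len(candidates):
        return False
    return all(fnmatch.fnmatchcase(p, q) for p, q in zip(candidates, pat_parts))


def is_ignored(rules: List[Rule], path: str) -> bool:
    ignored = False
    for rule in rules:                  # later rules override earlier ones
        if _rule_matches(rule, path):
            ignored = not rule[2]
    return ignored


def uncovered(ignore_text: str, paths: List[str]) -> List[str]:
    """Paths from `paths` that no rule in `ignore_text` hides from Cascade."""
    rules = parse_ignore(ignore_text)
    return [p for p in paths if not is_ignored(rules, p)]


if __name__ == "__main__":
    # Usage: python3 check_codeiumignore.py .codeiumignore < sensitive_paths.txt
    with open(sys.argv[1]) as fh:
        gaps = uncovered(fh.read(), [ln.strip() for ln in sys.stdin if ln.strip()])
    for p in gaps:
        print(f"NOT COVERED: {p}")
    sys.exit(1 if gaps else 0)
```

Run against the page's own ignore file, the constructed audit list leaves `secrets.yaml`, `.npmrc` and `deploy/id_rsa` uncovered: `secrets/` only matches a directory, and neither an rc file nor an extensionless private key matches any of the extension globs. Those are the patterns to add before treating the ignore file as a boundary.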