Cline, on a leash.

Q: "Does Raidu require a Cline fork or plugin?"

"No. Cline already supports OpenAI-compatible base URLs. Pointing it at Raidu is a settings change."

Q: "Can Raidu require human approval on Cline's shell commands?"

"Yes. Shell commands are policy-gated. You can require approval for anything matching destructive patterns, require approval for all shell calls in production repos, or block categories entirely. Approvals are signed and recorded."

Q: "What is the latency overhead?"

"Under 100 ms per checkpoint at p95. Cline feels no slower; the developer benefit is the visibility."

Q: "How does this interact with Cline's auto-approve settings?"

"Raidu's policy supersedes Cline's auto-approve. Even if Cline is configured to run commands without prompting, Raidu can still require approval or block based on content."

Q: "Can my auditor verify the trail independently?"

"Yes. The public verification endpoint accepts a record ID and confirms the signature chain. Your auditor never needs access to your environment."

Q: "Does this work across teams using different Cline model providers?"

"Yes. Raidu fronts any supported provider (Anthropic, OpenAI, Bedrock, Vertex, self-hosted). One policy applies regardless of which model Cline calls."

Cline is an autonomous coding agent in VS Code. It reads your repo, runs shell commands, and writes code without asking. Raidu puts policy and proof around every action before it happens.

Book a meeting → See the runtime

The tool

Cline

Autonomous coding agent for VS Code.

Cline (formerly Claude Dev) plans, executes, and revises code across files and the shell. Its autonomy is its value, and its governance problem.

Without governance

Autonomous agents raise the stakes.

Cline does not ask before it acts on most steps. That is the feature. It is also the audit question your CISO will raise the first time production changes.

Risk 01

Unreviewed shell commands

Cline invokes bash to install, run, and test. One wrong command can drop a table, push to main, or fetch a remote payload. Without governance, there is no signed record of what ran and why.

Risk 02

Context bleeds outbound

To plan, Cline reads widely across the repo: config files, infrastructure as code, secrets. That context is sent to the model. Without redaction, it becomes a third-party record of your internals.

Risk 03

Production code with no review signal

Cline edits files and stages changes. When those changes merge, the audit question is who reviewed the AI's plan, what policy applied, and whether the output passed safety scans.

Risk 04

Single API key, whole model catalog

Cline users configure raw OpenAI or Anthropic keys. Security loses per-repo control, policy routing, and revocation without key rotation.

With Raidu

How Raidu governs Cline.

Cline reads a base URL from settings. Point it at Raidu. Every plan, tool call, and response passes through the same runtime that governs Cursor, Claude Code, and your other agents.

Redact before the model reads

Checkpoint 02 · Before LLM

Every file Cline opens, every shell output it captures, every instruction from the developer is scanned outbound. Secrets, PII, and flagged internals are replaced with deterministic tokens. The agent reasons with the tokens, not the raw data.

Gate tool calls with policy

Checkpoint 03 · Before Tool

Shell commands match an allowlist. File writes match path globs. Destructive operations require approval. Network calls are scoped. The policy is shared with your other coding tools so the rules do not fork.

Response scanning

Checkpoint 05 · Agent Response

Model output is scanned for unsafe code, license risks, hallucinated packages, and exfiltration patterns before VS Code shows the diff. The developer sees clean suggestions. Blocked output is logged with a reason.

Signed audit chain

Post-execution

Each Cline turn becomes a signed record linked to the previous one. Prompts, tools, diffs, responses, policy version, user identity. RSA-4096 signed. SHA-256 chained. WORM persisted. Exportable for SOC 2 evidence.

Integration

Two fields in Cline settings.

Cline lets you pick the API provider and the base URL. Point both at Raidu and the agent is governed from that moment, across every project.

Cline · settings.json json

{
  "cline.apiProvider": "openai",
  "cline.openAiBaseUrl": "https://proxy.raidu.com/acme-corp/openai",
  "cline.openAiApiKey": "raidu_xxx",
  "cline.openAiModelId": "claude-sonnet-4.5",
  "cline.customHeaders": {
    "x-raidu-policy": "coding.eng.v7"
  }
}

// Every Cline action now returns a signed record id in the response.

Questions

What teams ask before enabling an autonomous agent.

Does Raidu require a Cline fork or plugin? +

No. Cline already supports OpenAI-compatible base URLs. Pointing it at Raidu is a settings change.

Can Raidu require human approval on Cline's shell commands? +

Yes. Shell commands are policy-gated. You can require approval for anything matching destructive patterns, require approval for all shell calls in production repos, or block categories entirely. Approvals are signed and recorded.

What is the latency overhead? +

Under 100 ms per checkpoint at p95. Cline feels no slower; the developer benefit is the visibility.

How does this interact with Cline's auto-approve settings? +

Raidu's policy supersedes Cline's auto-approve. Even if Cline is configured to run commands without prompting, Raidu can still require approval or block based on content.

Can my auditor verify the trail independently? +

Yes. The public verification endpoint accepts a record ID and confirms the signature chain. Your auditor never needs access to your environment.

Does this work across teams using different Cline model providers? +

Yes. Raidu fronts any supported provider (Anthropic, OpenAI, Bedrock, Vertex, self-hosted). One policy applies regardless of which model Cline calls.