
Windsurf, under policy.

Windsurf's Cascade agent plans, edits, and executes across your codebase. Raidu sits between Cascade and the model, redacts outbound context, gates every tool call, scans responses, and signs the evidence.

The tool
Windsurf
Codeium's agentic IDE with the Cascade agent.

Windsurf is a full IDE, not an extension. Cascade reads your repo, writes code across files, and executes commands. That is the value. That is the governance surface.

Without governance

A full IDE, a full risk surface.

Cascade is not a suggestion engine. It is an agent. Four failure modes security teams see when Cascade ships without a governance layer.

Risk 01

Multi-file edits with no pre-review

Cascade stages changes across many files before the developer sees the diff. Without a response-scan layer, insecure or license-flagged code can land in the editor in bulk.

Risk 02

Shell and command execution

Cascade runs scripts, tests, and installs. A misfired command touches infrastructure. Without per-tool policy, the first signal is an incident.

Risk 03

Broad repo context outbound

To plan across files, Cascade reads widely. Without redaction, secrets and business logic leak to whichever provider the team configured. Nothing on your side proves what did or did not leave.

Risk 04

No unified evidence for audit

Windsurf's internal logs are not signed, not chained, and not designed for SOC 2 or HIPAA evidence packages. Regulators ask for one exportable bundle, not a screenshot of a panel.

With Raidu

How Raidu governs Windsurf.

Windsurf supports custom model endpoints. Point Cascade at Raidu and every plan, tool call, and response flows through the same runtime that governs the rest of your AI stack.

01

Redact outbound context

Checkpoint 02 · Before LLM

Every file Cascade opens, every shell output, every instruction is scanned before it leaves for the provider. Secrets, PII, and flagged internals are deterministically tokenized. The agent still reasons with the data. The data does not leave raw.

02

Gate tool calls with policy

Checkpoint 03 · Before Tool

Allowlist shell commands, restrict file writes by path glob, and require approval for destructive operations. Policy is shared with your other coding tools, so Cascade and Cursor follow the same rules.

03

Scan every response

Checkpoint 05 · Agent Response

Model output is checked for unsafe code, license risks, hallucinated packages, and exfiltration patterns before the editor renders the diff. Clean output streams through. Blocked output is logged with a reason.

04

Signed evidence chain

Post-execution

Every Cascade turn is a signed record linked to the previous one. Prompts, tools, diffs, responses, policy version, user identity. RSA-4096 signed, SHA-256 chained, WORM retained. Exportable for SOC 2.
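
The "Gate tool calls with policy" step above, sketched as an added example: this is not Raidu's code or policy format. The policy keys, the function names `gate_shell` and `gate_write`, and the sample rules are assumptions made for illustration.

```python
import fnmatch
import posixpath
import shlex

# Constructed policy for illustration; the keys are assumptions, not Raidu's schema.
POLICY = {
    "shell_allow": {"pytest", "npm", "git"},
    "shell_approval": {"git": {"push", "reset", "clean"}, "npm": {"publish"}},
    "write_allow": ["src/*", "tests/*"],
    "write_deny": ["*.env", "*/secrets/*", ".github/*"],
}
SHELL_META = set(";|&`$<>\n")

def gate_shell(command, policy=POLICY):
    """Return 'allow', 'approve' or 'deny' for a proposed shell command."""
    # Chaining, pipes and substitution let an allowed binary front for another.
    if any(ch in SHELL_META for ch in command):
        return "deny"
    try:
        argv = shlex.split(command)
    except ValueError:  # unbalanced quotes
        return "deny"
    if not argv or argv[0] not in policy["shell_allow"]:
        return "deny"
    # Scan every argument, so "git -C repo push" is caught as well as "git push".
    # A stray matching word ("git commit -m push") fails toward approval.
    if set(argv[1:]) & policy["shell_approval"].get(argv[0], set()):
        return "approve"
    return "allow"

def gate_write(path, policy=POLICY):
    """Return 'allow' or 'deny' for a proposed repo-relative file write."""
    # Normalise first so "src/../.env" is judged as ".env", not as "src/...".
    norm = posixpath.normpath(path.replace("\\", "/"))
    if norm.startswith("/") or norm == ".." or norm.startswith("../"):
        return "deny"  # absolute path or escape from the repo root
    if any(fnmatch.fnmatchcase(norm, g) for g in policy["write_deny"]):
        return "deny"  # deny globs win over allow globs
    if any(fnmatch.fnmatchcase(norm, g) for g in policy["write_allow"]):
        return "allow"
    return "deny"  # default deny
```

The path check is purely lexical; a gate running on the developer's machine would also resolve symlinks before matching.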

Integration

Two fields in Windsurf settings.

Windsurf supports OpenAI-compatible endpoints for custom models. Point the endpoint and key at Raidu and Cascade is governed from that moment.

Windsurf · settings json
{
  "cascade.modelProvider": "openai",
  "cascade.openaiBaseUrl": "https://proxy.raidu.com/acme-corp/openai",
  "cascade.openaiApiKey": "raidu_xxx",
  "cascade.model": "claude-sonnet-4.5",
  "cascade.customHeaders": {
    "x-raidu-policy": "coding.eng.v7"
  }
}

// Every Cascade turn returns x-raidu-record-id in the response headers.
Questions

Questions engineering leaders ask before rolling out Cascade.

Does Raidu require a Windsurf fork?
No. Windsurf supports custom OpenAI-compatible endpoints for Cascade. Pointing it at Raidu is a settings change.
Can Raidu require approval on Cascade's multi-file edits?
Yes. Policy can require approval for changes that match destructive patterns, changes in regulated paths, or any change above a line threshold. Approvals are signed and recorded.
What is the overhead?
Under 100 ms per checkpoint at p95. Cascade feels the same to the developer; the difference is the visibility.
Does Raidu work with Windsurf's built-in Codeium models?
Raidu governs model calls that route through the OpenAI-compatible path you configure. For Codeium's hosted-only models without endpoint override, Raidu governs complementary coding tools in the same tenant and enforces unified policy.
Can my auditor verify records without environment access?
Yes. Every record carries a publicly verifiable signature. The auditor submits a record ID to the verification endpoint and gets confirmation of the full chain.
Does this work for regulated repos with stricter rules?
Yes. Raidu policies are per-repo, per-branch, and per-path. A regulated repo can require a specific model, require human approval, block shell execution, and mandate stricter redaction, while other repos stay on the default.