AgentKeeper monitors Cascade file writes, shell commands, prompts, file reads, and MCP calls, then applies org policy before risky actions continue.
No credit card required · Free tier forever · One command setup
Cascade actions, all covered
| Action | Hook | Status |
|---|---|---|
| Shell commands | pre_run_command | Blocked |
| File writes (IDE-unique) | pre_write_code | Blocked |
| File reads | pre_read_code | Blocked |
| MCP tool calls | pre_mcp_tool_use | Blocked |
| User prompts | pre_user_prompt | Blocked |
Windsurf has the most comprehensive hook system of any AI coding IDE. AgentKeeper leverages every pre-hook to block threats before they execute.
That's what makes it powerful. It's also what makes it a security surface.
Cascade can
Autonomous code generation needs guardrails. AgentKeeper provides them.
Cascade can write any file in your project autonomously. AgentKeeper adds pre-write policy checks so risky changes are caught before they land.
Cascade runs terminal commands, reads source files, and calls MCP tools on your behalf. AgentKeeper turns those actions into a real-time audit trail.
Cascade reads files and processes their content as context. Malicious instructions embedded in source files, configs, or dependencies can redirect the agent's behavior.
Most IDEs only let you audit after the fact. Windsurf's hook system gives AgentKeeper the ability to block before anything happens.
pre_write_code: AgentKeeper scans the file content Cascade is about to write. Reverse shells in bash scripts, API keys hardcoded in configs, malicious npm install hooks all get caught before the file ever touches disk.
pre_user_prompt: Cascade reads your files and feeds them as context. Malicious instructions embedded in source code, package.json scripts, or even markdown docs can hijack the agent. pre_user_prompt intercepts this before Cascade acts.
exit code 2: Windsurf's hook system uses exit code 2 as a reliable blocking signal. AgentKeeper returns exit code 2 to halt any action outright, with no partial writes and no partial command execution.
Four steps from install to full coverage.
Run the AgentKeeper installer with the Windsurf target. Hooks are registered in Cascade's lifecycle, with no manual config required.
bash <(curl -fsSL https://www.agentkeeper.dev/install-hooks.sh) --ide windsurf
AgentKeeper registers on every Windsurf pre-hook, covering prompts, file reads, file writes, shell commands, and MCP calls.
pre_run_command: Shell commands
pre_write_code: File writes
pre_read_code: File reads
pre_mcp_tool_use: MCP tool calls
pre_user_prompt: User prompts
Behavioral detection tuned for zero false positives on normal development. Dangerous actions are stopped with exit code 2 before they execute.
When a hook blocks an action, Cascade receives a descriptive error message, and the event is logged to your AgentKeeper dashboard with full context.
97% Compliance · 18 Developers · 89 Threats Blocked · 2.4k File Writes Scanned
Every feature designed to give you control without slowing your developers down.
Unique to Windsurf: scan file content before it's written to disk. Catches secrets, malicious scripts, and dangerous patterns in generated code before they become a problem.
pre_user_prompt hook scans every prompt before Cascade processes it. Catches social engineering, jailbreaks, and embedded instructions in file content that Cascade reads as context.
Allow, warn, or block specific MCP tool calls per org. Control which external integrations Cascade can invoke and log every call to your audit trail.
pre_run_command intercepts every terminal command before execution. Prevent rm -rf, curl | bash, and other dangerous patterns from running autonomously.
Every prompt, file write, shell command, and MCP call logged with timestamps, session context, and user identity. Full forensic trail for incident response.
Windsurf version, hooks active, and policy decisions per developer. One view for your entire Cascade rollout.
Windsurf's hook system is the most comprehensive. AgentKeeper makes full use of every capability.
| Capability | Cursor | Windsurf + AgentKeeper |
|---|---|---|
| Shell command blocking | | |
| File write blocking (pre-write, unique to Windsurf) | | |
| File read blocking | | |
| MCP tool call blocking | | |
| Prompt injection blocking | | |
| Fleet compliance dashboard | | |
| Complete audit trail | | |
| Custom org policies | | |
| 30+ threat patterns | | |
Windsurf's hook system uses exit codes for blocking. It cannot inject warning context back to the Cascade agent. In warn mode, detections are logged to your dashboard but Cascade is not notified of the detection. Block mode (exit code 2) is fully effective and stops the action outright.
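The blocking contract described above (exit code 2 halts the action, warn mode only logs), shown as an added example that is not AgentKeeper's or Windsurf's own code: a pre_run_command hook that checks for the two patterns the page names, rm -rf and curl | bash. The stdin JSON fields tool_info.command_line and the HOOK_MODE environment variable are assumptions, and the rule names are constructed.

```python
import json, os, re, shlex, sys

BLOCK, ALLOW = 2, 0  # exit code 2 is the blocking signal the page describes
SHELLS, FETCHERS = {"sh", "bash", "zsh", "dash"}, {"curl", "wget"}

def simple_commands(command_line):
    """Split on shell operators (quoting-unaware) into [(argv, following_operator), ...]."""
    parts = re.split(r"(\|\||&&|[|;&])", command_line)
    out = []
    for i in range(0, len(parts), 2):
        try:
            argv = shlex.split(parts[i])
        except ValueError:  # unbalanced quote left by the naive split
            argv = parts[i].split()
        if argv and argv[0] == "sudo":
            argv = argv[1:]
        if argv:
            out.append((argv, parts[i + 1] if i + 1 < len(parts) else ""))
    return out

def evaluate(command_line):
    """Return (rule, matched_command) for the first policy hit, else None."""
    cmds = simple_commands(command_line)
    for idx, (argv, op) in enumerate(cmds):
        name = os.path.basename(argv[0])
        short = "".join(a[1:] for a in argv[1:] if a.startswith("-") and not a.startswith("--"))
        recursive = bool(set("rR") & set(short)) or "--recursive" in argv
        force = "f" in short or "--force" in argv
        if name == "rm" and recursive and force:
            return ("recursive-force-delete", " ".join(argv))
        piped_to = os.path.basename(cmds[idx + 1][0][0]) if op == "|" and idx + 1 < len(cmds) else ""
        if name in FETCHERS and piped_to in SHELLS:
            return ("download-piped-to-shell", " ".join(argv))
    return None

def decide(event, mode="block"):
    """Map one hook event to (exit_code, log_message). Field names are assumed."""
    hit = evaluate(event.get("tool_info", {}).get("command_line", ""))
    if hit is None:
        return ALLOW, None
    message = f"policy rule {hit[0]} matched: {hit[1]}"
    # warn mode: record the detection but let the action continue (exit 0)
    return (BLOCK if mode == "block" else ALLOW), message

if __name__ == "__main__":
    code, message = decide(json.load(sys.stdin), os.environ.get("HOOK_MODE", "block"))
    if message:
        print(message, file=sys.stderr)  # stand-in for the audit log
    sys.exit(code)
```

Flag parsing on tokenized commands, rather than a substring match, is what keeps `git rm -r --cached` and `curl ... | jq` from being blocked.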
Start free, no credit card required. Scale when you need to.
For individual developers
Need enterprise features? Contact us for enterprise pricing