Securie for Windsurf — Codeium's editor + Securie's prove-don't-flag scanner

roadmap

Windsurf is Codeium's AI-pair-coding IDE positioned as a Cursor competitor. Same security risk profile: AI-generated auth code carries the 92% bug rate, AI-generated dynamic-route handlers introduce BOLA by default, AI-generated middleware skips auth checks. Securie's specialist fleet catches the same patterns regardless of which editor wrote the code.

Updated

What it does

Securie's specialists are editor-agnostic — they run on the diff, not on the editor's API. Windsurf-generated code passes through the same AuthAuthz + secret_scanner + Supabase RLS + sandbox-verified replayer pipeline as any other AI-generated code. Findings ship as one-tap GitHub Suggested Changes with the prove-don't-flag guarantee.

When to use it

Teams using Windsurf for Next.js / Supabase / Vercel projects. Same fit profile as Cursor.

Limitations

Roadmap. Codeium-marketplace integration (Securie surfaced inside Windsurf) is post-GA.

Install

  1. Install Securie GitHub App on the repo Windsurf pushes to
  2. Add `.codeium/`, `.windsurf/` to .gitignore
  3. Configure pre-commit hook to fail on Securie-blocked merges
  4. Push any Windsurf-edited commit; Securie reviews on the PR

Listed on

Codeium