Enterprise DNA

Omni by Enterprise DNA

Enterprise DNA Resources

Step-by-step how-tos. Practical AI operating-system thinking for owners, operators, and teams doing real work.

220k+

Data professionals

Omni

AI agents and apps

Audit

Map the manual work

Guide Intermediate General

Windsurf IDE Tutorial: Real AI Coding Setup

A working guide to Windsurf's agentic IDE, covering auth, first project, settings that matter, and a real workflow pattern for daily use.

Sam McKay |
Windsurf IDE Tutorial: Real AI Coding Setup

What Windsurf Actually Is

Windsurf is an AI-native fork of VS Code built by Codeium. That is the most useful single sentence about it. The VS Code lineage matters because your keybindings, terminal behaviour, and extension ecosystem all carry over, and you can usually import a VS Code settings folder on first launch without friction.

The reason it exists as a separate editor rather than an extension is the integration between the editor surface and an agentic flow called Cascade. Cascade is not a chat sidebar bolted on the side. It is a multi-step planning and tool-using agent that can read files, edit files, run terminal commands, browse the web, and reason across multiple steps before reporting back. You give it a goal, it proposes a plan, you approve, and it executes.

Under the hood, the editor itself is the Codeium extension stack wrapped in a custom shell. The model layer routes between several frontier models depending on the plan and the task. You are not locked to one model. The current version lets you pick from a list of available models per request in Cascade, and you can switch mid-conversation.

The features that get the most attention are Cascade, a Tab-style autocomplete called Supercomplete, inline edits via natural language, and a concept called Flows which is a persistent memory of the context Cascade has built up about your project. The flows are stored locally and survive restarts, so Cascade does not start cold every session.

What it is not, and this is worth saying plainly, is a magic box that writes your app while you watch. It is an editor with an unusually well-integrated agent. The integration is the product, not the model.

Setup and Authentication

The install path is short. Download the editor from the Windsurf site for your platform, run the installer, and launch it. On first launch it asks whether you want to import settings, keybindings, and extensions from an existing VS Code install. Say yes if you have one, because the import covers settings.json, keybindings.json, and the installed extension list.

Authentication runs through a browser handshake. You sign in with an email, a Google account, or a GitHub account, and the editor receives a token. There is no API key to manage in the default flow. If you are on a Team or Enterprise plan, your admin provisions seats and you get an invite link instead.

If you want to use your own model provider for Cascade, the current version supports that through a configuration panel under Settings, Cascade, Custom Models. You provide a base URL and an API key for OpenAI-compatible endpoints, and the requests route there instead of the hosted model. This is useful for shops that have an internal model gateway or a strict data-residency requirement.

For command-line work, Windsurf ships with a wrapper called windsurf that exposes the editor’s agent over a terminal. Install it from the prompt that appears the first time you open a new terminal inside the editor, or run the installer manually from the Command Palette. Once installed, windsurf "refactor the auth module to use jose" will spawn an agent session that can read the repo it is run from.

There is no separate CLI auth step. The CLI inherits whatever you are signed in as in the editor.

First Working Example

Let us build something concrete. The goal is to make a small but non-trivial change to a real repo so you can see how the agent behaves on a task that has context, not just a toy snippet.

Start by cloning a small open-source project. A good first target is something you already understand, ideally a Node or Python project with a test suite. Open the folder in Windsurf. The status bar at the bottom should show the indexer warming up. Wait until it finishes, because Cascade uses the project index for retrieval.

Open the Cascade panel. It is a docked panel on the right by default, same place VS Code puts the chat sidebar. You can move it. Type this as your first prompt.

“Add a health check endpoint to the Express app. It should return 200 with a JSON body containing uptime, timestamp, and the current commit hash. Add a test for it.”

Cascade will respond with a plan. The plan is a numbered list of steps, each one tied to a file or a command. Read the plan. The whole point of the plan step is so you can intervene before code lands. Approve it, and the agent will start editing.

What happens in practice is roughly this. Cascade reads the entry point, locates where routes are registered, and adds the endpoint. It runs git rev-parse HEAD to get the commit hash. It then opens the test file and adds a test case, matching the style of the existing tests. You will see file diffs stream into the editor as the agent works.

Once it finishes, the panel shows a summary, and any files it changed are highlighted in the explorer. Run your test command. If something fails, do not rewrite the prompt. Highlight the failing test in the terminal, drag it into the Cascade panel, and ask it to fix the test. The agent treats this as new context and resumes from where it left off.

That is the full loop. Goal, plan, approve, edit, verify, patch.

Key Settings That Matter

The defaults are reasonable. The dials most people ignore are the ones that change the agent’s behaviour in subtle ways.

The first is the model selector inside Cascade. The default is usually the most capable hosted model, which is also the most expensive per token. For boilerplate work, scaffolding, and small edits, switching to a smaller model in the same conversation is faster and cheaper. Cascade lets you switch mid-flow.

The second is the indexer scope. By default Windsurf indexes the whole workspace. For monorepos that is a lot of files, and the first session after a fresh checkout can be slow. You can scope the indexer to specific folders under Settings, Indexing, and exclude node_modules, dist, build, and .git explicitly. The performance difference on a medium monorepo is noticeable.

The third is the .windsurfrules file. This is a project-local configuration file in the same spirit as a .cursorrules or a CLAUDE.md. You drop it at the root of the repo and it carries instructions that Cascade reads on every session. The format is plain markdown. Useful entries are coding style rules, which directories to avoid, the test command, the lint command, and any naming conventions the project has. A good first file is short. Two pages of rules will get ignored more than they will get applied.

The fourth is terminal command allow-listing. Cascade can run shell commands but it will pause on anything that looks destructive. You can pre-approve specific commands in settings so the agent does not have to stop and ask. Approve npm test, npm run lint, and git diff and you remove most of the friction.

The fifth is the privacy setting for telemetry. It is on by default. If you are working on a client repo, turn it off in Settings, Privacy, and verify the change by checking the network panel the next time Cascade makes a request. The request should not include telemetry payloads.

Where It Shines

Multi-file refactors are the strongest case. When you can describe a change in one paragraph and it touches six files, the planning step pays for itself. You review the plan, you approve, and the agent handles the bookkeeping.

Test generation is a close second. The agent reads existing tests, matches the style, and produces tests that are usually consistent with the project’s conventions on the first pass. You still review them, but the volume of busywork drops.

Greenfield scaffolding is the third. A request like “make me a Next.js app with a Postgres database, a users table, and an auth flow” is the kind of task where the agent can do in two minutes what takes twenty by hand. The plan step catches the wrong assumptions before any code is written, which is where most scaffolding attempts go off the rails.

Onboarding to an unfamiliar codebase is the fourth. Open a repo you have never seen, point Cascade at the entry point, and ask for a tour. The agent reads the project structure, follows the imports, and produces a written summary of how the pieces fit together. It is not perfect, but it is faster than reading the README and chasing imports for an hour.

Where It Fails

It fails on long-running, ambiguous tasks where the requirements are not pinned down. The longer Cascade runs, the more it drifts. The mitigation is to break the work into smaller goals with checkpoints, not to hand it a two-page spec and expect it to land.

It fails on tasks that require real-time external state. Cascade can browse the web and it can run shell commands, but it does not have access to your production database, your staging environment, or your error tracker. If the answer depends on a query, you have to run the query and paste in the result.

It fails on visual work. UI tweaks, CSS changes, and layout problems are a weak spot. The agent can change the code, but it cannot see the result. You end up in a loop of “no, the button is two pixels off” that is faster to do by hand. The editor is improving here, but the model still has no eyes.

It fails on large monorepos with poor boundaries. If your packages are tangled and the dependency graph is a mess, the agent will produce diffs that look reasonable and break something three packages away. This is not a Windsurf problem, it is a project problem, but the failure mode is sharp.

It also fails on anything that requires deep framework-specific knowledge that has changed recently. The model’s training has a cutoff and the framework might have moved. Always verify version-specific advice against the current docs.

Practical Workflow Pattern

The way I would actually use it day to day looks like this. Treat Cascade as a junior pair who is fast, knows every API by heart, and has no idea what the project is for. You give the goals, you review the plan, you run the verification, and you keep the steering wheel.

A clean pattern is to keep three things open at the end of every working session. The Cascade panel, the terminal, and the diff view. You do not need anything else. Make your change, run your tests, review the diff, commit.

The single most useful habit is writing a good .windsurfrules file and keeping it short. Mine has the test command, the lint command, the directories I want the agent to ignore, and a few hard rules about how I want commit messages formatted. That is it. Anything more and the agent starts ignoring parts of it.

The second most useful habit is treating the plan step as a checkpoint, not a formality. Read it. Reject it if it is wrong. The minute you start rubber-stamping plans is the minute the agent learns that quality does not matter, and the output drifts accordingly.

The third is to scope tasks to one logical change at a time. “Refactor the auth module” is one task. “Refactor the auth