Why use Agent Approve instead of Cascade Turbo Mode?

Turbo Mode is useful when you want Cascade to keep going locally with minimal friction. Agent Approve gives you a middle ground: safe actions can still flow, but higher-risk actions can wait for approval on your phone or Apple Watch.

Can I send a follow-up prompt to Windsurf from my phone like I can with Cursor or Claude Code?

Not today. Windsurf does not currently expose a blocking turn-end hook, so when Cascade finishes a response we cannot pause it to inject a follow-up prompt. We will add follow-up commands for Windsurf if and when the hook API supports a blocking turn-end event.

All agents

Agent Approve for Windsurf

Centralized approvals, guardrails, and activity monitoring for Windsurf Cascade from your phone

GUIHook integration

Agent Approve gives you centralized control over Windsurf Cascade from your phone. Approve or deny shell commands, file reads, file writes, and MCP tool calls from your iPhone or Apple Watch, with push notifications so you know the moment Cascade needs input.

You get one shared set of allow and deny rules, one activity history, and one approval workflow that works the same way across Windsurf, Cursor, Claude Code, Gemini CLI, Codex, Pi, OpenCode, OpenClaw, and Copilot.

Download Windsurf

Quick start

Download Agent Approve from the App Store and complete onboarding.

Run npx agentapprove on your development machine and select Windsurf.

Scan the QR code with your phone to pair.

Start using Windsurf — approval requests arrive on your phone.

Install command

npx agentapprove

Agent Approve config: ~/.agentapprove/

Windsurf hook config: ~/.codeium/windsurf/hooks.json

agentapprovev0.1.24

Recommended configuration

•Enable Cascade Turbo Mode (allow-all auto-execute) in Windsurf settings to let hooks handle approval.
•Windsurf hook configuration lives in ~/.codeium/windsurf/hooks.json. The installer writes the configuration for you.

Capabilities

Approval requests

Follow-up commands

Voice input

Activity monitoring

Push notifications

MCP tool tracking

Good to know

Cascade hook coverage – Windsurf pre-hooks (read code, write code, run command, MCP tool use) all flow through the same mobile approval workflow and shared policy. Post-hooks emit activity events for your history.

No prompt blocking – Agent Approve does not block pre_user_prompt. Agent Approve is self-governance for indie developers, not corporate prompt surveillance.

No follow-up commands today – Windsurf does not currently expose a blocking turn-end hook, so you cannot send a follow-up instruction from your phone when Cascade finishes a turn. We will revisit when Windsurf adds one.

MCP tracking – Windsurf MCP tool calls are grouped under their server names so you can use the same allow and deny lists you use for Cursor and other agents.

Bulk command parsing – Policy evaluation parses shell commands chained with && into individual sub-commands evaluated independently. A dangerous command like rm -rf hidden as the third step in a chain is caught even when the batch starts with safe commands.

Stay up to date – Run npx agentapprove again at any time to update hooks to the latest version.

Use cases

Step away from your laptop and approve shell or MCP actions from your iPhone or Apple Watch instead of leaving Windsurf in Cascade Turbo Mode.

Block dangerous commands like rm -rf even when they are buried in a multi-command chain — one deny rule applies across Windsurf and all your other agents.

Get notified when Windsurf needs input on a sensitive action.

Track Windsurf MCP activity and command approvals in the same history as the rest of your agent stack.

Questions about Windsurf

A few common questions about how Agent Approve fits alongside Windsurf.

More guides

View all supported agents Frequently asked questions Get help