Delv
IDEby Codeium4.3

Windsurf

Codeium's agent-first IDE (formerly Codeium Editor). Cascade mode with MCP support, plus built-in memory and a generous free tier.

Homepage MCP docs
B
Safety & Trust

Delv Safety Grade: B

Score 72/100 · assessed 2026-04-19

Maintainer85
Permissions55
Supply chain75
Transparency60
Incidents100

Windsurf is Codeium's agent-first IDE with MCP support, backed by a well-funded company (Exafunction Inc) with significant VC backing and enterprise customers. The maintainer score is strong given Codeium's established presence in AI coding tools. However, transparency is limited: there's no public repository for the IDE itself, making independent security review impossible. The permissions model is concerning for an agent-first tool that can autonomously edit multiple files and execute code across your entire workspace. Supply chain is reasonable via standard installers but lacks the verifiability of open source. MCP integration is recent (late 2024) and partial, supporting tools and resources but not prompts or sampling. No known security incidents, but the closed-source nature and broad filesystem access warrant caution with sensitive codebases.

Green flags

  • Codeium is established vendor with enterprise customers and VC backing
  • Standard installer distribution via official website (not sideload)
  • Active documentation and support channels
  • Generous free tier reduces pressure for rushed security decisions
  • No known security incidents or credential leaks to date

Red flags

  • No public repository - closed source IDE cannot be independently audited
  • Agent-first design means autonomous multi-file edits without per-action approval
  • Broad filesystem access across entire workspace, not scoped to project
  • Relatively new MCP implementation (late 2024) with incomplete feature support

Permissions requested

Read filesWrite filesDelete filesOutbound networkShell executeExternal LLM callRepo readRepo write
Assessed by Delv Editorial using public metadata. Grades are advisory and update as the ecosystem changes. They do not replace your own review of permissions and code before granting an agent access to sensitive systems.

MCP capabilities

  • Tools
  • Resources
  • Prompts
  • Sampling

Platforms

macOSWindowsLinux

Config location

~/.codeium/windsurf/mcp_config.json

Review

Windsurf is Codeium's rebrand of their editor into an agent-first IDE, and it's the first one I've used where the AI feels like it actually belongs in the workflow rather than bolted on. Cascade mode is the headline feature: you describe what you want, and the agent plans, edits multiple files, and iterates without you babysitting every step. It's closer to Cursor's Composer than Claude Desktop's chat window, which matters when you're refactoring across a dozen files. MCP support arrived recently and it's solid but not exhaustive. Tools and resources work as expected, which covers most servers you'd actually want to run. Prompts and sampling aren't supported yet, so if you're building workflows around those primitives, you'll need to wait or use Claude Desktop. Config lives in `~/.codeium/windsurf/mcp_config.json` and follows the standard schema, so if you've set up MCP elsewhere, you'll copy-paste and be done in two minutes. What sets Windsurf apart is the built-in memory system. Cascade remembers context across sessions without you manually feeding it the same README every time. I've found this genuinely useful when working on a feature over multiple days. The agent recalls architectural decisions and doesn't ask me to re-explain the database schema. It's not perfect, but it's better than starting cold every morning. The free tier is unusually generous: unlimited basic completions and a meaningful amount of Cascade requests. You'll hit limits if you're hammering it all day, but for most developers it's enough to evaluate properly. Paid tiers unlock more Cascade usage and faster models. Rough edges: the UI occasionally lags when Cascade is planning complex changes, and error messages from MCP servers can be cryptic. The editor itself is a fork of VS Code, so extensions mostly work, but there's the usual friction when something doesn't. I'd also like to see the MCP config UI integrated rather than editing JSON by hand, though that's a minor complaint. I reach for Windsurf when I'm building something new or refactoring aggressively. For quick edits or one-off scripts, VS Code with Copilot is faster to open. But for sustained work where the AI needs to understand a whole project, Windsurf is the best option I've used that isn't Cursor.
Verdict

Best choice if you want an agent-first IDE with MCP support and don't want to pay Cursor prices. The free tier is good enough to use daily. Skip it if you need full MCP feature parity or prefer a minimal editor.

Good at

  • Cascade mode handles multi-file refactoring without constant supervision
  • Built-in memory persists context across sessions
  • Generous free tier with unlimited basic completions
  • MCP config follows standard schema, easy to port from other clients
  • Cross-platform with native performance

Watch out

  • MCP prompts and sampling not yet supported
  • UI can lag during complex Cascade planning
  • MCP config requires manual JSON editing
  • VS Code fork means some extension compatibility issues
  • Error messages from MCP servers could be clearer