Airlock Windsurf Enforcer

Human approval for AI actions in Windsurf

Prerequisites

  • Windsurf IDE installed
  • An Airlock account
  • The Airlock Mobile Approver app installed on your phone (Android or iOS)

Getting Started

  1. Install the Extension

    In Windsurf, open the Extensions panel (Ctrl+Shift+X / Cmd+Shift+X), search for Airlock Enforcer, and install Airlock Windsurf Enforcer.

  2. Sign In

    Open the Command Palette (Ctrl+Shift+P / Cmd+Shift+P) and run Airlock: Sign In. Authenticate with your Airlock account.

  3. Pair with Mobile App

    Run Airlock: Start Mobile Pairing from the Command Palette. A QR code will be displayed. In the Airlock Mobile Approver app, go to Settings → Pair Another Workspace, then scan the QR code or enter the pairing code manually.

  4. Enable Auto Mode

    Run Airlock: Enable Auto Mode to start intercepting AI actions. All agent commands will now require your mobile approval.

Extension Commands

Command                           Description
Airlock: Sign In                  Authenticate with the Gateway
Airlock: Sign Out                 Clear authentication
Airlock: Start Mobile Pairing     Pair with the Airlock mobile app (QR code)
Airlock: Unpair Mobile Approver   Remove paired device
Airlock: Enable Auto Mode         Start automatic approval gating
Airlock: Disable Auto Mode        Stop gating
Airlock: Show Status              Show current endpoint, enforcer ID, pairing state

Windsurf-Specific Notes

Auto Mode: When Windsurf is in "Auto" mode, the enforcer hooks into the command execution pipeline. When a command is rejected, the AI agent receives a rejection error, which prevents further execution of the blocked action.

How It Works

The Airlock Windsurf Enforcer intercepts all AI-generated terminal commands and file mutations. Each action is encrypted with AES-256-GCM and submitted to the Gateway. Your Mobile Approver receives a push notification — you review the action and sign your decision with Ed25519. The enforcer verifies the signature locally before allowing execution.

Security model: The enforcer operates in fail-closed mode. If the gateway is unreachable, the signature is invalid, or the request times out, the action is blocked. No exceptions.
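
The flow described above, as an added sketch (not Airlock's own code or wire format): the action is sealed with AES-256-GCM, the approver signs a verdict with Ed25519, and the gate allows execution only on a verified approval. The message layout, `requestId`, `fetchDecision` and the way keys are provisioned are assumptions made for illustration.

```javascript
const { createCipheriv, createDecipheriv, createHash, randomBytes, sign, verify } =
  require("node:crypto");

// Enforcer: encrypt the action with AES-256-GCM; requestId is bound in as AAD (assumed layout).
function sealAction(key, requestId, action) {
  const iv = randomBytes(12); // fresh 96-bit nonce for every message
  const c = createCipheriv("aes-256-gcm", key, iv);
  c.setAAD(Buffer.from(requestId));
  const ct = Buffer.concat([c.update(action, "utf8"), c.final()]);
  return { requestId, iv, ct, tag: c.getAuthTag() };
}

// Approver: decrypt for review; throws if ciphertext, tag or requestId was altered.
function openAction(key, { requestId, iv, ct, tag }) {
  const d = createDecipheriv("aes-256-gcm", key, iv);
  d.setAAD(Buffer.from(requestId));
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]).toString("utf8");
}

// The signed statement ties the verdict to one request and one exact action (assumed format).
function decisionBytes(requestId, action, verdict) {
  const digest = createHash("sha256").update(action).digest("hex");
  return Buffer.from(JSON.stringify({ requestId, digest, verdict }));
}

// Approver: sign the verdict with the Ed25519 private key held on the phone.
function signDecision(privateKey, requestId, action, verdict) {
  const signature = sign(null, decisionBytes(requestId, action, verdict), privateKey);
  return { verdict, signature };
}

// Enforcer: fail closed. Every path except a verified "approve" blocks the action.
function gate(approverPublicKey, requestId, action, fetchDecision) {
  let decision;
  try {
    decision = fetchDecision(); // hypothetical gateway round-trip; throws on outage or timeout
  } catch (err) {
    return { allowed: false, reason: "no decision: " + err.message };
  }
  try {
    const msg = decisionBytes(requestId, action, decision.verdict);
    if (!verify(null, msg, approverPublicKey, decision.signature))
      return { allowed: false, reason: "invalid signature" };
  } catch {
    return { allowed: false, reason: "malformed decision" };
  }
  if (decision.verdict !== "approve") return { allowed: false, reason: "rejected" };
  return { allowed: true, reason: "approved" };
}
```

Because the signature covers a digest of the action, an approval issued for one command does not verify for a different one.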