Devin Desktop / Windsurf Integration Guide

Overview

Devin Desktop, formerly Windsurf, combines IDE workflows with agent command-center behavior. Cup’n’String supports detection, endpoint governance, local-service policy, and secret shielding.

Support level

Auto-Discovered with path to Native Integration

What Cup’n’String detects

• Devin Desktop/Windsurf processes
• Workspace context where available
• Provider/network endpoints
• Agent subprocesses where visible

What it governs

• Provider egress
• Local service and container access
• Sensitive files and credentials
• Agent-initiated network calls

Recommended policies

• Audit agent sessions
• Restrict unapproved AI endpoints
• Protect local credentials

Setup outline

1. Ensure the Cup’n’String client is running.
2. Open Devin Desktop / Windsurf.
3. Configure target workspace environments to use the local loopback proxy address.

Verification

Confirm that outbound LLM calls from Windsurf are captured and cataloged in the dashboard under the corresponding process ID.

Troubleshooting

If process hooks are missing, check if Windsurf is installed in a non-standard application directory.

Known limitations

Native integration should be deepened if customer demand is high.