Sunglasses is a filter that sits ahead of your Windsurf agent. Always ON. Every web fetch, file read, or tool response Cascade touches — the filter scans first. This page walks through the Windsurf MCP wiring.
Who this page is for
Windsurf users who want Cascade (Codeium's agent) to stop acting on hidden instructions in files, web content, or tool outputs. MCP wiring takes under 2 minutes.
The command
# In Windsurf Settings → MCP → add: { "sunglasses": { "command": "python", "args": ["-m", "sunglasses.mcp"] } }
Register Sunglasses as a Windsurf MCP server. Windsurf uses the standard MCP protocol. Open Settings → MCP, paste the sunglasses entry, restart. Cascade now has the scan tool on every untrusted input.
Benefit: Cascade becomes safer against prompt injection in any content it reads — including code from new dependencies, docs, web pages, or tool responses.
Install Sunglasses first
If you haven't installed Sunglasses on your machine yet, do this first in a fresh terminal:
python3 -m venv sunglasses-env
source sunglasses-env/bin/activate
pip install --upgrade sunglasses
On modern macOS and many Linux systems, your system Python may block direct installs. A small virtual environment keeps the install clean. Windows: replace source sunglasses-env/bin/activate with sunglasses-env\Scripts\activate.
Full walkthrough in progress. The core command and identity are ready. Detailed step-by-step screenshots, real-world attack examples, and troubleshooting are being added.
FAQ
How do I protect Windsurf Cascade from prompt injection?
Add Sunglasses as an MCP server in Windsurf settings. The scan tool becomes available to Cascade — which can call it before acting on untrusted file content or tool output.
Does this work with Codeium's agentic features?
Yes. Cascade uses MCP servers natively; Sunglasses registers the same way any other MCP server would.
Can I make the scan mandatory?
Add a system-prompt rule instructing Cascade to call sunglasses.scan_text before acting on untrusted input. That closes the opt-in gap.
Is there any cloud dependency?
No. The Sunglasses filter runs locally. Windsurf talks to it over local stdio.
Does this slow Cascade down?
Average scan time is 0.26ms — invisible next to LLM latency.
Where this wiring fits
Sunglasses is one filter with many wiring options. This page covers Windsurf. Other wiring paths:
- Claude Code / Claude Desktop
- Cursor
- Cline (VS Code)
- Zed
- Warp terminal
- Hermes-Agent (Nous)
- LangChain
- CrewAI
- Microsoft AutoGen
- OpenAI Agents SDK
- Custom Python agent
Same filter underneath. Different wiring based on your stack.