Bug Report BR-039 – Cascade Whitelist Security Prompt Usability Blocker
Status: IN PROGRESS (product / Cascade fix unverified — maintainer does not use Windsurf; no subscription; E6:S06:T57 = ✅ COMPLETE for repo traceability + docs only)
Priority: CRITICAL
Severity: HIGH
Created: 2026-03-09
Last updated: 2026-04-02 — RW -k E6:S06:T57 v0.6.6.57+6 (SemVer v0.4.705+6); T57 repo COMPLETE; BR-039 stays open for vendor/community verification
Version: v0.6.6.57+6
Code: BR-039
Implementing Task (repo — COMPLETE): E6:S06:T57
Planning Artifact (IPW): IPW-E6S06T57-br039-vendor-blocker-planning.md
Problem Statement
Cascade's whitelist feature is non-functional, creating constant security prompt interruptions that prevent productive workflow execution. Users must manually approve every single command despite previous approvals, making the tool unusable for continuous development work.
Video Evidence
Reference: Screen Recording 2026-03-09 at 16.07.14.mov (project root)
Detailed Description
Expected Behavior
- Whitelist Persistence: Once a command is whitelisted, it should not prompt again
- AI Enable: When AI is enabled, security prompts should be minimized for trusted commands
- Continuous Workflow: Users should be able to work without constant interruption
Actual Behavior
- Whitelist Ignored: Security prompts appear for every command regardless of whitelist status
- AI Enable Ineffective: Even with AI enabled, every script/terminal command requires manual approval
- Constant Interruption: Users cannot complete more than 1-2 commands without being stopped
- Productivity Killer: Focus shifts from project work to tool management
Specific Issues Identified
- Whitelist Memory Loss: Commands added to whitelist are forgotten between sessions
- Prompt Fatigue: Same commands trigger security prompts repeatedly
- Work Flow Disruption: Cannot maintain focus on development tasks
- Tool Adoption Barrier: Makes Windsurf unusable for real development work
Impact Assessment
User Experience Impact
- CRITICAL: Tool becomes unusable for continuous development
- Productivity Loss: 80%+ of time spent on tool management vs. actual work
- Frustration Level: Extreme - users abandon tool despite potential benefits
Development Workflow Impact
- Release Workflow: Cannot execute automated workflows without constant approval
- Testing: Cannot run test suites without manual intervention for each test
- Build Processes: Cannot maintain build workflows due to prompt interruptions
Root Cause Analysis
Technical Issues
- State Management: Whitelist state not properly persisted
- Security Model: Overly aggressive security prompts override user preferences
- Configuration: AI enable and whitelist settings not properly integrated
Design Issues
- User Trust: Security model assumes zero trust even for user-approved actions
- Workflow Integration: Security prompts not designed for continuous development workflows
- Feedback Loop: No mechanism for users to report or work around whitelist failures
Reproduction Steps
- Enable AI in Cascade settings
- Run any command (e.g.,
python script.py) - Approve the command when security prompt appears
- Add command to whitelist if option available
- Run the same command again
- Observe: Security prompt appears again despite whitelist
Expected Resolution
Immediate Fixes
- Whitelist Persistence: Ensure whitelisted commands remain whitelisted across sessions
- AI Enable Integration: Respect AI enable setting for reducing prompts
- Session Memory: Maintain whitelist state within current session
Long-term Improvements
- Trust Learning: System should learn user patterns and reduce prompts over time
- Workflow Mode: Special mode for development workflows with minimal security prompts
- User Control: Granular control over security prompt frequency and scope
Workarounds
For this project (ai-dev-kit maintainer)
- Standard IDE: Cursor for all repo work, including RW and validator-driven workflows. Windsurf is not used (no subscription); there is no ongoing Cascade-in-Windsurf verification from this maintainer.
- BR-039 remains the product record for Cascade behavior if others (vendor, subscribers) re-test.
Original report context (historical)
- Manual Approval: Continue manually approving every command (not sustainable for Cascade users)
- Tool Switching: Use Cursor (or another IDE) when Cascade prompts block automation
- Limited Usage: Use affected IDE only for non-automated tasks (reduces value)
Other mitigations (general)
- Batch Commands: Combine multiple operations into single commands (limited effectiveness)
- External Scripts: Run automation outside the affected agent UI where possible
Re-verification Protocol
When vendor releases relevant changes, run this protocol before any closure claim:
- Capture vendor version/build under test.
- Re-run the BR-039 reproduction steps.
- Execute a terminal-heavy continuity sequence (RW-like command flow).
- Record results in evidence log format.
- Classify outcome as
pass,fail, orblocked. - Update T57 + BR status text using attempted/verified language only.
Evidence Log Format
Use append-only entries with these fields:
date_utctool_versionscenarioexpectedobservedresult(pass|fail|blocked)notes(workaround, escalation, owner)
Log entry E1 — 2026-04-02
- date_utc: 2026-04-02 14:44 UTC
- tool_version: Windsurf 1.9577.27 (
/Applications/Windsurf.appplist); executor shell Cursor 2.6.20 (validators only). - scenario: (1) BR-039 interactive repro — not run (UI). (2)
validate_branch_context.py --strict;validate_rw_task_complete.py --requested E6:S06:T57onepic/6-framework-management. - expected: (1) Whitelist persists, no repeat prompt. (2) Validator exit 0.
- observed: (1) Not executed here. (2) Exit 0 for both.
- result:
blockedfor (1); auxiliarypassfor (2) — does not prove Cascade fixed. - notes: Mirror of T57 — Evidence § E1. (Superseded for this maintainer by E2: optional Windsurf retest waived — Cursor-only.)
Log entry E2 — 2026-04-02 (reporter Cursor-only)
- date_utc: 2026-04-02 (maintainer follow-up)
- tool_version: Primary: Cursor. Windsurf retest waived (reference build 1.9577.27 from E1 only).
- scenario: Optional BR-039 repro in Windsurf — declined by implementing maintainer.
- expected: N/A (waived).
- observed: Maintainer switched back to Cursor; no Windsurf verification planned.
- result:
blocked/ waived (reporter) — product behavior not re-tested; not “fixed”. - notes: Mirror of T57 — Evidence § E2. Superseded by maintainer policy: no Windsurf subscription — T57 closed repo-side; BR-039 remains for Cascade product state.
Success Criteria
Resolution Criteria
- Whitelisted commands do not prompt again
- AI enable setting reduces security prompts appropriately
- Users can execute workflows without constant interruption
- Security model balances safety with usability
Validation Criteria
- User can complete 10+ commands without security prompts for whitelisted items
- Release workflows execute continuously without manual approval
- Development focus remains on project work, not tool management
Language guardrail: Until validation criteria are met on current vendor build, document updates as attempted fix or change implemented, not fixed/resolved/completed.
Related Issues
- BR-038: Release Workflow Micromanagement and Tool Discovery Issues (symptom of this root cause)
- E6:S06:T02: Fix Release Workflow Micromanagement Issues (attempted to fix symptoms, not root cause)
- E6:S06:T57: Implementing task — T57
Priority Justification
CRITICAL priority because:
- Blocks Development: Prevents any meaningful use of Windsurf for development
- User Abandonment: High risk of users abandoning the tool despite potential benefits
- Competitive Disadvantage: Cursor does not have this issue, creating competitive pressure
- Product Viability: Core functionality is unusable for target use case
Resolution Timeline
Target Resolution: ASAP - This is a blocking issue for tool adoption
Next Steps:
- Document this bug report thoroughly (done)
- Escalate to Cascade development team / community
- Provide reproduction steps and video evidence (historical assets in repo)
- Track resolution via BR-039 evidence log — third-party or vendor re-verification
Maintainer (this repo) until BR closed elsewhere:
- Cursor-only workflow; no Windsurf verification
- T57 COMPLETE = repo obligations met; does not close BR-039