integrations / windsurf

Windsurf

Attestd works with Windsurf via the Model Context Protocol. Once configured, Windsurf's Cascade assistant can check any npm, PyPI, or infrastructure dependency for CVE risk and supply chain compromise. Windsurf uses a global config file only. There is no project-level MCP config.

setup

Connect Attestd to Windsurf

Windsurf reads MCP config from ~/.codeium/windsurf/mcp_config.json on macOS and Linux, or %USERPROFILE%\.codeium\windsurf\mcp_config.json on Windows. You can also open it from the Command Palette: Windsurf: Configure MCP Servers.

Remote servers use serverUrl instead of url. Local stdio servers use the same format as Cursor and Claude Code.

  1. Get an API key from the portal.
  2. Create ~/.codeium/windsurf/mcp_config.json if it does not exist.
  3. Add the block below and restart Windsurf fully.
~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "attestd": {
      "serverUrl": "https://mcp.attestd.io/mcp",
      "headers": {
        "Authorization": "Bearer your-api-key-here"
      }
    }
  }
}
stdio (local)

Local stdio via npx

For local execution, use the stdio npm package. Requires Node.js 18+. Stdio config uses the same format as other MCP clients.

~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "attestd": {
      "command": "npx",
      "args": ["-y", "@attestd/mcp"],
      "env": {
        "ATTESTD_API_KEY": "your-api-key-here"
      }
    }
  }
}
system prompt

System prompt

Add this to your Windsurf rules or Cascade system prompt. Without it, Cascade may have the tool available but not call it unprompted when you discuss a dependency.

text
You are a security-aware deployment assistant with access to the Attestd MCP server.

Before approving any software dependency, infrastructure component, or package version:
1. Call check_package_vulnerability with the product slug and exact version.
2. Block deployment if riskState is "critical" or "high".
3. Block immediately if activelyExploited is true, regardless of riskState.
4. Block immediately if supplyChainCompromised is true.
5. If outsideCoverage is true, state explicitly that the risk is UNKNOWN. Do not treat it as safe.
6. If patchAvailable is true, include fixedVersion in your recommendation.

Use list_covered_products if you are unsure whether a product slug is supported.
what happens

What Windsurf does with Attestd

When you ask Cascade about a dependency, it calls check_package_vulnerability with the package name and version. Attestd returns categorical fields. Cascade reads riskState, activelyExploited, and supplyChainCompromised and states the answer directly.

verify

Verify the connection

Ask Cascade to call list_covered_products. It should return the count of supported infrastructure slugs. If the server does not appear, open the Cascade MCP panel and click Refresh, or restart Windsurf fully. For a direct server health check:

bash
curl https://mcp.attestd.io/health
# → {"status":"ok"}
see also