Update installation guide for GitHub MCP Server in Windsurf...

...including prerequisites, installation steps, and security best practices.

Author: D1M1TR10S

docs/installation-guides/install-windsurf.md

@@ -1,29 +1,37 @@
 # Install GitHub MCP Server in Windsurf
 
 ## Prerequisites
+1. Windsurf IDE installed (latest version)
+2. [GitHub Personal Access Token](https://github.com/settings/personal-access-tokens/new) with appropriate scopes
+3. For local installation: [Docker](https://www.docker.com/) installed and running
 
-1. Windsurf IDE installed
-2. [GitHub Personal Access Token](https://github.com/settings/personal-access-tokens/new)
-3. [Docker](https://www.docker.com/) installed and running
+## Remote Server Setup (Recommended)
 
-## Installation Steps
-
-### Option 1: Plugin Installation (Recommended)
+The remote GitHub MCP server is hosted by GitHub at `https://api.githubcopilot.com/mcp/` and supports both HTTP and SSE protocols. Windsurf currently supports PAT authentication only.
 
-1. Click the `Plugins` icon or the MCP hammer icon in the Cascade window
-2. Search for and select the `GitHub MCP Server`
-3. Click `Install` at the top of the page
-4. Input your GitHub PAT token in the input field when prompted
-5. Click `Refresh` on the plugin page and restart Windsurf, if needed
+### Direct SSE Configuration
+Windsurf supports SSE servers with a `serverUrl` field:
 
-### Option 2: Manual Configuration
+```json
+{
+  "mcpServers": {
+    "github": {
+      "serverUrl": "https://api.githubcopilot.com/mcp/",
+      "headers": {
+        "Authorization": "Bearer YOUR_GITHUB_PAT"
+      }
+    }
+  }
+}
+```
 
-If you prefer manual configuration, the installation will create a configuration file at `~/.codeium/windsurf/mcp_config.json` that looks like this:
+## Local Server Setup
 
+### Option 1: Docker (Recommended)
 ```json
 {
   "mcpServers": {
-    "github-mcp-server": {
+    "github": {
       "command": "docker",
       "args": [
         "run",
@@ -34,46 +42,104 @@ If you prefer manual configuration, the installation will create a configuration
         "ghcr.io/github/github-mcp-server"
       ],
       "env": {
-        "GITHUB_PERSONAL_ACCESS_TOKEN": "your_github_pat"
+        "GITHUB_PERSONAL_ACCESS_TOKEN": "YOUR_GITHUB_PAT"
       }
     }
   }
 }
 ```
 
-## Important Security Notes
+### Option 2: NPX
+```json
+{
+  "mcpServers": {
+    "github": {
+      "command": "npx",
+      "args": ["-y", "@modelcontextprotocol/server-github"],
+      "env": {
+        "GITHUB_PERSONAL_ACCESS_TOKEN": "YOUR_GITHUB_PAT"
+      }
+    }
+  }
+}
+```
+
+**Note**: The npm package has a deprecation notice but remains functional.
 
-⚠️ **Environment Variable Limitations**: Environment-variable interpolation (using a `$GITHUB_PAT` variable) is not supported in Windsurf.
+## Installation Steps
+
+### Via Plugin Store
+1. Open Windsurf and navigate to Cascade
+2. Click the **Plugins** icon or **hammer icon** (🔨)
+3. Search for "GitHub MCP Server"
+4. Click **Install** and enter your PAT when prompted
+5. Click **Refresh** (🔄)
 
-### Security Best Practices
+### Manual Configuration
+1. Click the hammer icon (🔨) in Cascade
+2. Click **Configure** to open `~/.codeium/windsurf/mcp_config.json`
+3. Add your chosen configuration from above
+4. Save the file
+5. Click **Refresh** (🔄) in the MCP toolbar
 
-- **File Permissions**: Lock down file permissions for the configuration file:
-  ```bash
-  chmod 600 ~/.codeium/windsurf/mcp_config.json
-  ```
-- **Version Control**: Avoid committing configuration files with tokens to version control
-- **Token Scope**: Limit PAT scopes to necessary repositories and tools only
-- **Token Rotation**: Regularly rotate your GitHub Personal Access Tokens
+## Security Best Practices
 
-## Configuration File Location
+### Critical Security Note
+⚠️ **Windsurf does NOT support environment variable interpolation**. You must hardcode your PAT in the configuration file. This makes security practices crucial.
 
-The MCP configuration is stored at:
-- `~/.codeium/windsurf/mcp_config.json`
+### File Protection
+```bash
+# Secure the configuration file
+chmod 600 ~/.codeium/windsurf/mcp_config.json
+
+# Verify permissions
+ls -la ~/.codeium/windsurf/mcp_config.json
+```
 
-## Post-Installation
+### Token Security
+- Create PATs with minimum required scopes:
+  - `repo` - For repository operations
+  - `read:packages` - For Docker image pull (local setup)
+  - Additional scopes based on tools you need
+- Use separate PATs for different projects
+- Regularly rotate tokens
+- Never commit configuration files to version control
+
+## Configuration Details
+
+- **File path**: `~/.codeium/windsurf/mcp_config.json`
+- **Scope**: Global configuration only (no per-project support)
+- **Format**: Must be valid JSON (use a linter to verify)
+
+## Verification
 
 After installation:
-1. Restart Windsurf if prompted
-2. The GitHub MCP Server should be available in the MCP tools
-3. You can verify the installation by checking the plugins page
+1. Look for "1 available MCP server" in the MCP toolbar
+2. Click the hammer icon to see available GitHub tools
+3. Test with: "List my GitHub repositories"
+4. Check for green dot next to the server name
 
 ## Troubleshooting
 
-- Ensure Docker is running and accessible
-- Verify your GitHub PAT is valid and has required permissions
-- Check that the JSON configuration is valid
-- Restart Windsurf after making configuration changes
-- Review Windsurf logs for any MCP server startup errors
-- Ensure the GitHub MCP Server Docker image is accessible (`ghcr.io/github/github-mcp-server`)
-- Try refreshing the plugins page if the server doesn't appear
-- Check that your internet connection allows Docker image pulls from GitHub Container Registry
+### Remote Server Issues
+- **Authentication failures**: Verify PAT has correct scopes and hasn't expired
+- **Connection errors**: Check firewall/proxy settings for HTTPS connections
+- **SSE not working**: Ensure you're using the correct `serverUrl` field format
+
+### Local Server Issues
+- **Docker errors**: Ensure Docker Desktop is running
+- **Image pull failures**: Try `docker logout ghcr.io` then retry
+- **NPX failures**: Clear npm cache with `npm cache clean --force`
+
+### General Issues
+- **Invalid JSON**: Validate with [jsonlint.com](https://jsonlint.com)
+- **Tools not appearing**: Restart Windsurf completely
+- **Check logs**: `~/.codeium/windsurf/logs/`
+
+## Important Notes
+
+- **Official repository**: [github/github-mcp-server](https://github.com/github/github-mcp-server)
+- **Remote server URL**: `https://api.githubcopilot.com/mcp/`
+- **Docker image**: `ghcr.io/github/github-mcp-server`
+- **npm package**: `@modelcontextprotocol/server-github` (deprecated but functional)
+- **Windsurf limitations**: No environment variable interpolation, global config only