You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/installation-guides/install-windsurf.md
+2-25Lines changed: 2 additions & 25 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -7,7 +7,7 @@
7
7
8
8
## Remote Server Setup (Recommended)
9
9
10
-
The remote GitHub MCP server is hosted by GitHub at `https://api.githubcopilot.com/mcp/` and supports both HTTP and SSE protocols. Windsurf currently supports PAT authentication only for the remote GitHub server.
10
+
The remote GitHub MCP server is hosted by GitHub at `https://api.githubcopilot.com/mcp/` and supports both HTTP and SSE protocols. Windsurf currently supports PAT authentication only.
11
11
12
12
### Direct SSE Configuration
13
13
Windsurf supports SSE servers with a `serverUrl` field:
@@ -28,7 +28,7 @@ Windsurf supports SSE servers with a `serverUrl` field:
28
28
## Local Server Setup
29
29
30
30
### Docker Installation (Required)
31
-
> **Important**: The npm package `@modelcontextprotocol/server-github` is no longer supported as of April 2025. Use the official Docker image `ghcr.io/github/github-mcp-server` instead.
31
+
**Important**: The npm package `@modelcontextprotocol/server-github` is no longer supported as of April 2025. Use the official Docker image `ghcr.io/github/github-mcp-server` instead.
32
32
33
33
```json
34
34
{
@@ -67,29 +67,6 @@ Windsurf supports SSE servers with a `serverUrl` field:
67
67
4. Save the file
68
68
5. Click **Refresh** (🔄) in the MCP toolbar
69
69
70
-
## Security Best Practices
71
-
72
-
### Critical Security Note
73
-
⚠️ **Windsurf does NOT support environment variable interpolation**. You must hardcode your PAT in the configuration file. This makes security practices crucial.
74
-
75
-
### File Protection
76
-
```bash
77
-
# Secure the configuration file
78
-
chmod 600 ~/.codeium/windsurf/mcp_config.json
79
-
80
-
# Verify permissions
81
-
ls -la ~/.codeium/windsurf/mcp_config.json
82
-
```
83
-
84
-
### Token Security
85
-
- Create PATs with minimum required scopes:
86
-
-`repo` - For repository operations
87
-
-`read:packages` - For Docker image pull (local setup)
88
-
- Additional scopes based on tools you need
89
-
- Use separate PATs for different projects
90
-
- Regularly rotate tokens
91
-
- Never commit configuration files to version control
0 commit comments