docs/integrations/windsurf

How to connect the Secret & Repo Scanner MCP Tool to Windsurf

Scans a directory for leaked secrets, API tokens, private keys, PII (emails, SSNs), and missing .gitignore entries. This guide provides the exact configuration required to load the repo_scanner tool inside Windsurf.

Step 1: Open the configuration file

Locate and open your Windsurf configuration file at the following path:

macOS / Linux~/.codeium/windsurf/mcp_config.json

Windows%USERPROFILE%\.codeium\windsurf\mcp_config.json

Step 2: Add the server config

Copy and paste the following JSON snippet into the file. Save the file and restart Windsurf.

mcp_config.json

{
  "mcpServers": {
    "agenticstore": {
      "command": "uvx",
      "args": ["agentic-store-mcp", "--tools", "repo_scanner"]
    }
  }
}

Step 3: Try it out

Once restarted, ask Windsurf something like this to trigger the tool:

"Scan this repository for any leaked API keys or secrets."

Explore more

→ View full repo_scanner documentation → See all Client integrations