
How to add auth-fetch-mcp to Windsurf
Let AI assistants fetch content from authenticated web pages via a real browser login. Paste the config into ~/.codeium/windsurf/mcp_config.json and restart Windsurf.
Last updated June 14, 2026 · 30★ · stdio · no auth
Windsurf config for auth-fetch-mcp
`claude mcp add --scope user auth-fetch -- npx auth-fetch-mcp@latest`

```json
{
  "mcpServers": {
    "auth-fetch-mcp": {
      "command": "npx",
      "args": [
        "auth-fetch-mcp@latest"
      ]
    }
  }
}
```

Setup steps
1. Open Windsurf → Cascade → the hammer/MCP icon → Configure (or edit ~/.codeium/windsurf/mcp_config.json).
2. Paste the auth-fetch-mcp config shown above.
3. Fill in placeholder secrets, then save.
4. Click Refresh in the MCP panel.
5. auth-fetch-mcp's tools become available to Cascade.
Before you start
- A local environment (does not work in web-based chat interfaces)
- Node.js with npx (server is run via `npx auth-fetch-mcp@latest`)
- Chromium is auto-installed on first run if not already present
- An MCP-compatible client using stdio transport (Claude Code, Cursor, Windsurf, etc.)
What auth-fetch-mcp can do in Windsurf
- `auth_fetch`: Primary tool. Fetches page content using a real browser, opening a window for login if needed. Returns cleaned HTML with noise elements (nav, footer, scripts, etc.) stripped and media tags (<img>, <video>, <iframe>) preserved. Params: url (string, required, http/https only); wait_for (string, optional CSS selector to wait for before capturing, useful for SPAs).
- `download_media`: Downloads files from URLs using saved browser sessions — use it to lazily download images, videos, or other files found in auth_fetch results; saved cookies handle authentication automatically. Params: urls (string[], required, http/https only); output_dir (string, optional subdirectory under ~/.auth-fetch-mcp/downloads/, absolute paths or escaping `..` rejected; defaults to a timestamped folder).
- `list_pages`: Lists all open tabs in the browser with their URLs and titles.
- `close_browser`: Closes the browser window. Login sessions are saved and will be reused next time.
Security
All data is stored locally under ~/.auth-fetch-mcp/ and nothing is sent to external servers; captured HTML is never written to disk (passed only over the stdio pipe). To prevent SSRF from prompt injection, both auth_fetch and download_media validate every URL: only http/https schemes are allowed, and the resolved IP is rejected if it falls in private, loopback, link-local, CGNAT, or multicast ranges. download_media also constrains output_dir to stay inside ~/.auth-fetch-mcp/downloads/. Private/LAN hosts can be opted in via AUTH_FETCH_ALLOW_PRIVATE or AUTH_FETCH_ALLOW_HOSTS, but doing so re-opens those hosts to any prompt the LLM processes.
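The URL checks described above, sketched as an added example (this is not auth-fetch-mcp's own code). The CIDR list, the function names `classifyAddress` and `checkUrl`, and the sample addresses are assumptions; a real caller would pass in the addresses returned by DNS resolution and connect only to an address it has checked.

```javascript
const net = require('node:net');

// CIDRs for the categories the page names (the exact list is an assumption).
const RANGES = [
  ['10.0.0.0', 8, 'ipv4', 'private'],
  ['172.16.0.0', 12, 'ipv4', 'private'],
  ['192.168.0.0', 16, 'ipv4', 'private'],
  ['127.0.0.0', 8, 'ipv4', 'loopback'],
  ['169.254.0.0', 16, 'ipv4', 'link-local'],
  ['100.64.0.0', 10, 'ipv4', 'CGNAT'],
  ['224.0.0.0', 4, 'ipv4', 'multicast'],
  ['::1', 128, 'ipv6', 'loopback'],
  ['fc00::', 7, 'ipv6', 'private'],
  ['fe80::', 10, 'ipv6', 'link-local'],
  ['ff00::', 8, 'ipv6', 'multicast'],
].map(([prefix, bits, family, label]) => {
  const list = new net.BlockList();
  list.addSubnet(prefix, bits, family);
  return { list, label };
});

// Category of an address, or null when it is in none of the blocked ranges.
function classifyAddress(ip) {
  const version = net.isIP(ip); // 4, 6, or 0 for anything that is not an IP literal
  if (version === 0) return 'not-an-ip';
  const family = version === 6 ? 'ipv6' : 'ipv4';
  const hit = RANGES.find(({ list }) => list.check(ip, family));
  return hit ? hit.label : null;
}

// Scheme check first, then every resolved address must be outside the ranges:
// one blocked address among several is enough to refuse the request.
function checkUrl(rawUrl, resolvedAddrs) {
  let url;
  try { url = new URL(rawUrl); } catch { return { ok: false, reason: 'unparseable URL' }; }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    return { ok: false, reason: `scheme ${url.protocol} not allowed` };
  }
  if (resolvedAddrs.length === 0) return { ok: false, reason: 'no addresses resolved' };
  for (const ip of resolvedAddrs) {
    const label = classifyAddress(ip);
    if (label) return { ok: false, reason: `${ip} is ${label}` };
  }
  return { ok: true, reason: 'all addresses public' };
}

// Constructed sample: a public name whose second record points into the LAN.
console.log(checkUrl('https://intranet.example/', ['203.0.113.10', '10.0.0.5']));
```

Checking every resolved address, not just the first, is what stops a hostname with mixed public and internal records from slipping through.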
auth-fetch-mcp + Windsurf FAQ
Where is the Windsurf config file?
Windsurf reads MCP servers from ~/.codeium/windsurf/mcp_config.json. Paste the auth-fetch-mcp config there under the "mcpServers" key and restart the client.
Do I have to log in every time?
No. Browser sessions (cookies, local storage) are saved locally under ~/.auth-fetch-mcp/browser-data/ and reused across restarts, so each service only needs a one-time manual login.
Is my page content or login data sent anywhere?
No. All data stays on your machine. Captured HTML is never written to disk — it passes directly to the AI over the stdio pipe — and sessions are stored locally as a standard Chromium profile.
Can it access a dev server or host on my LAN?
Private, loopback, and link-local hosts are blocked by default to prevent SSRF. You can opt in with AUTH_FETCH_ALLOW_PRIVATE=1 (most permissive) or a narrow AUTH_FETCH_ALLOW_HOSTS allowlist, but only in trusted environments since this re-opens those hosts to any prompt the LLM processes.