MCP Directory

How to add Magg to Windsurf

Meta-MCP server that manages, aggregates, and proxies other MCP servers so LLMs can extend themselves. Paste the config into ~/.codeium/windsurf/mcp_config.json and restart Windsurf.

Last updated June 14, 2026 · 134 · stdio · no auth

Windsurf config for Magg

uv tool install magg
{
  "mcpServers": {
    "magg": {
      "command": "magg",
      "args": [
        "serve"
      ]
    }
  }
}

Setup steps

  1. 1Open Windsurf → Cascade → the hammer/MCP icon → Configure (or edit ~/.codeium/windsurf/mcp_config.json).
  2. 2Paste the Magg config below.
  3. 3Fill in placeholder secrets, then save.
  4. 4Click Refresh in the MCP panel.
  5. 5Magg's tools become available to Cascade.

Before you start

  • Python 3.12 or higher (3.13+ recommended)
  • uv (recommended) — installed from astral.sh/uv
  • Optional: Docker, for running the pre-built ghcr.io/sitbon/magg images

What Magg can do in Windsurf

magg_list_servers

List all configured MCP servers.

magg_add_server

Add a new MCP server.

magg_remove_server

Remove a server.

magg_enable_server

Enable a server, making it available.

magg_disable_server

Disable a server, toggling off its availability.

magg_search_servers

Search for MCP servers online.

magg_list_tools

List all available tools from all servers.

magg_smart_configure

Intelligently configure a server from just a URL.

Security

HTTP transport supports optional bearer-token authentication via an RSA keypair. Run `magg auth init` to generate keys (stored in `~/.ssh/magg/` by default), then `magg auth token` to mint JWTs; clients pass the token via the MAGG_JWT env var or BearerAuth. The private key may also be supplied through MAGG_PRIVATE_KEY. By default (stdio quick-start) no auth is configured. A read-only mode is available via MAGG_READ_ONLY=true. Because Magg can dynamically add and run arbitrary backend MCP servers at an LLM's request, treat it as capable of executing whatever those servers can do.

Magg + Windsurf FAQ

Where is the Windsurf config file?

Windsurf reads MCP servers from ~/.codeium/windsurf/mcp_config.json. Paste the Magg config there under the "mcpServers" key and restart the client.

Is Magg safe to use with Windsurf?

HTTP transport supports optional bearer-token authentication via an RSA keypair. Run `magg auth init` to generate keys (stored in `~/.ssh/magg/` by default), then `magg auth token` to mint JWTs; clients pass the token via the MAGG_JWT env var or BearerAuth. The private key may also be supplied through MAGG_PRIVATE_KEY. By default (stdio quick-start) no auth is configured. A read-only mode is available via MAGG_READ_ONLY=true. Because Magg can dynamically add and run arbitrary backend MCP servers at an LLM's request, treat it as capable of executing whatever those servers can do.

What transports does Magg support?

stdio (default, for Claude Desktop, Cline, Cursor, Claude Code), HTTP (`magg serve --http`), and a hybrid mode that runs both simultaneously, plus in-memory transport.

How do I add it to Claude Code?

After installing Magg (`uv tool install magg`), run `claude mcp add magg -- magg serve --hybrid --port 42000`. For a plain stdio client, point it at the command `magg` with argument `serve`.

Does it require authentication?

No by default. For HTTP access you can optionally enable RSA-based JWT bearer-token auth via `magg auth init` / `magg auth token`; clients then pass the token through the MAGG_JWT environment variable or BearerAuth.

View repo Full Magg page