How to add plugged.in MCP Proxy to Windsurf
Unified MCP hub that aggregates all your MCP servers into one connection, with knowledge, memory, and tools. Paste the config into ~/.codeium/windsurf/mcp_config.json and restart Windsurf.
Last updated June 14, 2026 · 131★ · stdio · apikey · official
Windsurf config for plugged.in MCP Proxy
npx -y @pluggedin/pluggedin-mcp-proxy@latest --pluggedin-api-key YOUR_API_KEY{
"mcpServers": {
"plugged-in-mcp-proxy": {
"command": "npx",
"args": [
"-y",
"@pluggedin/pluggedin-mcp-proxy@latest"
],
"env": {
"PLUGGEDIN_API_KEY": "YOUR_API_KEY"
}
}
}
}Setup steps
- 1Open Windsurf → Cascade → the hammer/MCP icon → Configure (or edit ~/.codeium/windsurf/mcp_config.json).
- 2Paste the plugged.in MCP Proxy config below.
- 3Fill in placeholder secrets, then save.
- 4Click Refresh in the MCP panel.
- 5plugged.in MCP Proxy's tools become available to Cascade.
Before you start
- Node.js 18+ (v20+ recommended)
- An API key from the plugged.in App (https://plugged.in/api-keys)
What plugged.in MCP Proxy can do in Windsurf
pluggedin_discover_toolsSmart discovery of available tools with caching for instant results; supports force_refresh and per-server discovery via server_uuid.
pluggedin_ask_knowledge_baseRAG search across your documents with AI filtering capabilities.
pluggedin_send_notificationSend notifications with optional email delivery.
pluggedin_create_documentCreate AI-generated documents in your library.
pluggedin_list_documentsList documents with filtering options.
pluggedin_search_documentsSearch for specific documents by query.
pluggedin_get_documentRetrieve a specific document's full content by ID.
pluggedin_update_documentUpdate or append to an existing document.
Security
Requires a PLUGGEDIN_API_KEY from the plugged.in App. The proxy validates commands against an allowlist (node, npx, python, python3, uv, uvx, uvenv), uses execFile() to avoid shell injection, sanitizes arguments and environment variables, and applies SSRF protection on URLs (blocking localhost, private IP ranges, and internal ports). In Streamable HTTP mode, enable --require-api-auth to require a Bearer token; rate limiting (60 tool calls/min, 100 API calls/min) and HTML/XSS sanitization are built in.
plugged.in MCP Proxy + Windsurf FAQ
Where is the Windsurf config file?
Windsurf reads MCP servers from ~/.codeium/windsurf/mcp_config.json. Paste the plugged.in MCP Proxy config there under the "mcpServers" key and restart the client.
Is plugged.in MCP Proxy safe to use with Windsurf?
Requires a PLUGGEDIN_API_KEY from the plugged.in App. The proxy validates commands against an allowlist (node, npx, python, python3, uv, uvx, uvenv), uses execFile() to avoid shell injection, sanitizes arguments and environment variables, and applies SSRF protection on URLs (blocking localhost, private IP ranges, and internal ports). In Streamable HTTP mode, enable --require-api-auth to require a Bearer token; rate limiting (60 tool calls/min, 100 API calls/min) and HTML/XSS sanitization are built in.
Is this an MCP server or just a proxy?
It is an MCP server that acts as a hub/proxy: it exposes its own built-in tools (discovery, RAG/knowledge, notifications, document management, clipboard memory) and also aggregates and routes to the tools of any downstream MCP servers you've configured in the plugged.in App.
What transports are supported?
It runs as STDIO by default and can also run as a Streamable HTTP server (default port 12006) with optional Bearer-token authentication (--require-api-auth) and a stateless mode. Downstream servers may use STDIO, SSE, or Streamable HTTP.
Do I need an API key?
Yes. A PLUGGEDIN_API_KEY from the plugged.in App is required; the proxy fetches server configurations and discovered capabilities from the plugged.in App's APIs.