
How to add Repomix MCP Server to Windsurf
Pack any local or remote repository into one AI-ready file your agent can grep and read incrementally. Paste the config into ~/.codeium/windsurf/mcp_config.json and restart Windsurf.
Last updated June 14, 2026 · 27k★ · stdio · no auth · official
Windsurf config for Repomix MCP Server
npx -y repomix --mcp{
"mcpServers": {
"repomix-mcp-server": {
"command": "npx",
"args": [
"-y",
"repomix",
"--mcp"
]
}
}
}Setup steps
- 1Open Windsurf → Cascade → the hammer/MCP icon → Configure (or edit ~/.codeium/windsurf/mcp_config.json).
- 2Paste the Repomix MCP Server config below.
- 3Fill in placeholder secrets, then save.
- 4Click Refresh in the MCP panel.
- 5Repomix MCP Server's tools become available to Cascade.
Before you start
- Node.js with npx (or Docker for the ghcr.io/yamadashy/repomix image)
- Git available on PATH for pack_remote_repository
- No API key or account required
What Repomix MCP Server can do in Windsurf
pack_codebasePackage a local directory into a consolidated file with file tree, metrics, and optional Tree-sitter compression.
pack_remote_repositoryClone and package a GitHub repository (user/repo or URL, branch-aware) for analysis.
read_repomix_outputRead a generated output by ID, with optional startLine/endLine range for large files.
grep_repomix_outputRegex search (JavaScript RegExp) within a generated output, with context/before/after lines and case-insensitive option.
file_system_read_fileRead a local file by absolute path with Secretlint validation to block files containing secrets.
file_system_read_directoryList a directory by absolute path with [FILE]/[DIR] indicators.
Security
The server reads your local filesystem and clones remote repos, so scope it to machines where that is acceptable. Built-in Secretlint validation blocks reading files that contain detected secrets, and path validation prevents directory traversal — but packed output can still include any non-secret source you point it at.
Repomix MCP Server + Windsurf FAQ
Where is the Windsurf config file?
Windsurf reads MCP servers from ~/.codeium/windsurf/mcp_config.json. Paste the Repomix MCP Server config there under the "mcpServers" key and restart the client.
Is Repomix MCP Server safe to use with Windsurf?
The server reads your local filesystem and clones remote repos, so scope it to machines where that is acceptable. Built-in Secretlint validation blocks reading files that contain detected secrets, and path validation prevents directory traversal — but packed output can still include any non-secret source you point it at.
Is Repomix MCP safe for private code?
Reasonably, with caveats. Everything runs locally (or in your Docker container) and nothing is uploaded by Repomix itself; its filesystem tools run Secretlint checks and refuse to read files with detected credentials. The packed output does end up in your LLM context, so the usual provider data policies apply.
Do I need to install Repomix globally first?
No. The documented config uses npx -y repomix --mcp, which fetches and runs the latest version on demand. The npm package repomix is the same binary the CLI uses.
How is this different from just giving the agent filesystem access?
Repomix produces a single structured artifact with a file tree, token metrics, and .gitignore-aware filtering, then lets the agent grep or read line ranges from it. That is cheaper and more deliberate than the agent walking directories file by file, and it works for remote GitHub repos too.