Stow.How to Connect Windsurf to Stow (MCP Setup Guide)
AI AgentsApril 19, 20264 min read

How to Connect Windsurf to Stow (MCP Setup Guide)

Windsurf's Cascade agent supports MCP natively — which means you can route every tool call through Stow's permission and audit layer, the same way Cursor does. Here's the exact setup.

Windsurf

Windsurf's Cascade agent supports MCP, which means every tool call Cascade makes — reading GitHub, querying a database, posting to Slack — can pass through Stow's permission and audit layer. The setup is nearly identical to Cursor. Here's exactly how to do it.

How Windsurf's MCP Works

Windsurf uses an mcp_config.json configuration file to define MCP server connections. It's similar to Cursor's approach — you configure the MCP server endpoint with the connection details, and Windsurf's Cascade agent uses it for tool calls.

One important constraint: Windsurf enforces a 100-tool cap across all connected MCP servers. If you connect multiple servers with large tool sets, you'll hit this limit. Stow's curated service tools generally stay well under this ceiling for typical setups.

Step 1: Create a Stow Agent

Before configuring Windsurf, you need a Stow agent set up with the services you want Cascade to access.

1

Log in to your Stow dashboard

2

Navigate to Agents → Create New Agent

3

Name it something like "Windsurf Agent" or "Cascade Dev"

4

Add the services you want Windsurf to access (GitHub, Neon, Slack, etc.)

5

Configure permissions for each service — which operations are Allowed, Approval Required, or Off

6

Copy the agent_id and agent_secret from the agent settings page

7

Copy the SSE endpoint URL — it will look like https://mcp.stow.so/sse

Step 2: Configure mcp_config.json in Windsurf

Windsurf's MCP configuration file is located at:

~/.codeium/windsurf/mcp_config.json

Open the file and add a new entry under mcpServers. If the file doesn't exist yet, create it with this structure:

{
  "mcpServers": {
    "stow": {
      "serverUrl": "https://mcp.stow.so/sse",
      "headers": {
        "x-agent-id": "YOUR_AGENT_ID",
        "x-agent-secret": "YOUR_AGENT_SECRET"
      }
    }
  }
}

Replace YOUR_AGENT_ID and YOUR_AGENT_SECRET with the values from your Stow agent settings.

Step 3: Restart Windsurf and Verify

1

Restart Windsurf

Close and reopen Windsurf completely. The MCP config is loaded at startup.

2

Check the MCP panel

In Windsurf, open Settings → MCP. You should see "stow" listed as a connected server with a green status indicator.

3

Verify the tool count

The panel will show how many tools are available. If you're near the 100-tool limit, you'll see a warning.

4

Test a tool call

Ask Cascade to do something that requires one of your configured services: "What are the open PRs in my repo?" or "Create a Neon branch for this feature."

Step 4: Set Your Security Baseline

On first connection, Stow will prompt you to confirm the Security Baseline for this agent. The Baseline defines the maximum permission scope — what the agent can access, what requires approval, and what's permanently off.

For a Windsurf/Cascade dev agent, a typical baseline looks like:

GitHub: Read repos, PRs, issuesAllowed
GitHub: Create branches, open PRsAllowed
GitHub: Merge PRsApproval Required
GitHub: Delete reposOff
Neon: Create branchesAllowed
Neon: Access main branch directlyOff
Slack: Post to channelsApproval Required

The 100-Tool Cap: What to Know

Windsurf limits MCP tool registrations to 100 total across all connected servers. Each Stow service integration exposes a set of tools — typically 5–15 per service. With 5–6 connected services, you'll be in safe range. With 10+ services, watch the count.

Connect only what you need

If Cascade only needs GitHub and Neon for your current project, don't add Slack and Gmail. You can always add services later.

Check the MCP panel tool count

Windsurf shows the total registered tool count. If you're near 100, remove unused server connections first.

One Stow agent per project context

Create separate Stow agents with different service sets for different project types — a backend agent, a marketing agent, etc.

Off permissions don't count as tools

Operations set to Off in Stow aren't registered as available tools, so they don't count against the cap.

Example Prompts to Try

"List the open PRs in my repo and summarize what each one does"
"Create a Neon branch called feature-auth for my current work"
"Check the latest Vercel deployment status"
"Draft a Slack update for #engineering about what I worked on today"

Windsurf. Controlled.

Connect Cascade to every service it needs — with granular permissions and a full audit trail on every tool call.

S

Stow Security Team

April 19, 2026