Windsurf Configuration

This guide shows you how to configure the Probo MCP Server with Windsurf, Codeium’s AI-powered editor, enabling AI assistance with your compliance data.

Prerequisites

Windsurf editor installed (available at codeium.com/windsurf)
A running Probo instance with API access
API token from your Probo instance

Configuration Steps

1. Generate an API Token

First, generate an API token from your Probo instance:

Log into your Probo web interface
Navigate to Settings → API Tokens
Click “Generate New Token”
Copy the token - you’ll need it for configuration

2. Locate Windsurf Configuration

Windsurf uses a configuration file for MCP servers:

macOS:

~/Library/Application Support/Windsurf/mcp_servers.json

Linux:

~/.config/Windsurf/mcp_servers.json

Windows:

%APPDATA%\Windsurf\mcp_servers.json

3. Configure the MCP Server

Create or edit the configuration file:

{
  "mcpServers": {
    "probo": {
      "url": "https://your-probo-instance.com/api/mcp/v1",
      "headers": {
        "Authorization": "Bearer your_api_token_here"
      },
      "metadata": {
        "name": "Probo Compliance",
        "description": "Access compliance data and manage risks, vendors, and audits"
      }
    }
  }
}

Replace:

https://your-probo-instance.com/api/mcp/v1 with your Probo instance URL
your_api_token_here with the API token you generated

4. Restart Windsurf

After saving the configuration:

Close Windsurf completely
Restart the editor
The Probo MCP server will be loaded automatically

Using Probo in Windsurf

AI Chat Integration

Access Windsurf’s AI chat (default: Ctrl+I or Cmd+I) and interact with compliance data:

You: "Show me all high-priority risks in my organization"

Windsurf: Let me fetch that information from Probo.
[Uses listRisks tool]

Here are the high-priority risks:
1. Vendor data breach (Score: 20)
2. Insufficient access controls (Score: 18)
...

Inline Code Generation

Use Windsurf’s AI assistance while coding:

# Type a comment and press Tab or use Ctrl+I
# Generate compliance report from Probo data

# Windsurf generates:
def generate_compliance_report(organization_id):
    """Generate a comprehensive compliance report."""
    # Fetches data from Probo MCP
    risks = fetch_risks(organization_id)
    vendors = fetch_vendors(organization_id)
    measures = fetch_measures(organization_id)
    # ... continues with implementation

Command Palette

Access Probo functions via Windsurf’s command palette (Ctrl+Shift+P or Cmd+Shift+P):

Search for “Probo”
Execute MCP commands directly
Quick access to compliance tools

Project-Specific Configuration

Create a .windsurf/mcp.json file in your project root:

{
  "mcpServers": {
    "probo": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-fetch",
        "${PROBO_PROJECT_URL}/api/mcp"
      ],
      "env": {
        "PROBO_API_TOKEN": "${PROBO_PROJECT_TOKEN}"
      }
    }
  }
}

Set environment variables in .env:

PROBO_PROJECT_URL=https://project.probo.com
PROBO_PROJECT_TOKEN=your_project_token

Use Cases

Compliance Documentation Generation

Generate documentation using live data:

You: "Create a risk assessment document using current Probo data"

Windsurf:
[Fetches risks, measures, and controls from Probo]
[Generates formatted markdown document]

# Risk Assessment Report
## Executive Summary
...

Smart Code Comments

Add compliance context to your code:

// Ctrl+I: "Add compliance annotations for this data handler"

// Windsurf adds:
/**
 * User Data Handler
 * COMPLIANCE: Handles PII (Personal Identifiable Information)
 * Probo Classification: CONFIDENTIAL
 * Associated Risks: R-001, R-004
 * Required Controls: Encryption at rest, Access logging, Data retention policy
 * Framework: SOC 2 Type II - CC6.1
 */
class UserDataHandler {
  // ...
}

Automated Script Generation

Generate compliance automation scripts:

You: "Write a Node.js script to check all vendors have been reviewed in the last 90 days"

Windsurf:
[Generates complete script using Probo MCP API]

Compliance-Aware Refactoring

Refactor code with compliance in mind:

You: "Refactor this data processing function to meet SOC 2 requirements"

Windsurf:
[Analyzes current code]
[Checks Probo for applicable controls and requirements]
[Suggests refactored version with compliance notes]

Advanced Configuration

Multiple Environments

Configure different Probo instances for various environments:

{
  "mcpServers": {
    "probo-dev": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-fetch", "http://localhost:8080/api/mcp"],
      "env": {
        "PROBO_API_TOKEN": "${PROBO_DEV_TOKEN}"
      },
      "metadata": {
        "name": "Probo Development",
        "description": "Development environment"
      }
    },
    "probo-staging": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-fetch", "https://staging.probo.com/api/mcp"],
      "env": {
        "PROBO_API_TOKEN": "${PROBO_STAGING_TOKEN}"
      },
      "metadata": {
        "name": "Probo Staging",
        "description": "Staging environment"
      }
    },
    "probo-prod": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-fetch", "https://probo.company.com/api/mcp"],
      "env": {
        "PROBO_API_TOKEN": "${PROBO_PROD_TOKEN}"
      },
      "metadata": {
        "name": "Probo Production",
        "description": "Production environment"
      }
    }
  }
}

Custom Workspace Settings

Configure Windsurf workspace settings for compliance projects:

Create .windsurf/settings.json:

{
  "windsurf.mcp.enabled": true,
  "windsurf.mcp.autoComplete": true,
  "windsurf.ai.contextSources": [
    "probo"
  ],
  "windsurf.ai.customInstructions": "Always consider compliance requirements from Probo when generating code. Check for applicable risks, controls, and frameworks."
}

Custom Snippets

Create compliance-specific snippets:

{
  "Probo Risk Check": {
    "prefix": "probo-risk",
    "body": [
      "// Risk Check: ${1:Risk Description}",
      "// Probo Risk ID: ${2:R-XXX}",
      "// Mitigation: ${3:Control measures}",
      "$0"
    ],
    "description": "Add Probo risk annotation"
  },
  "Compliance Query": {
    "prefix": "probo-query",
    "body": [
      "// Query compliance data from Probo",
      "async function query${1:Entity}() {",
      "  // Uses Probo MCP list${1:Entity} tool",
      "  const data = await probo.list${1:Entity}(organizationId);",
      "  return data;",
      "}"
    ],
    "description": "Generate Probo query function"
  }
}

Integration Patterns

React Component with Probo Data

// Ask Windsurf: "Create a React dashboard showing Probo compliance metrics"

import React, { useEffect, useState } from 'react';
import { ProboClient } from './probo-client';

interface ComplianceMetrics {
  openRisks: number;
  implementedMeasures: number;
  overdueObligations: number;
}

export function ComplianceDashboard() {
  const [metrics, setMetrics] = useState<ComplianceMetrics | null>(null);
  const probo = new ProboClient();

  useEffect(() => {
    async function fetchMetrics() {
      // Windsurf generates code using Probo MCP tools
      const risks = await probo.listRisks(orgId);
      const measures = await probo.listMeasures(orgId);
      const obligations = await probo.listObligations(orgId);

      setMetrics({
        openRisks: risks.filter(r => r.status === 'OPEN').length,
        implementedMeasures: measures.filter(m => m.state === 'IMPLEMENTED').length,
        overdueObligations: obligations.filter(o => new Date(o.due_date) < new Date()).length
      });
    }

    fetchMetrics();
  }, []);

  return (
    <div className="dashboard">
      {/* Dashboard UI */}
    </div>
  );
}

Python Automation Script

# Ask Windsurf: "Generate a Python script for daily compliance checks"

import asyncio
from datetime import datetime
from probo_client import ProboClient

async def daily_compliance_check():
    """
    Daily compliance check using Probo MCP.
    Checks for:
    - High-priority risks without mitigations
    - Overdue obligations
    - Vendors needing review
    """
    client = ProboClient()

    # Windsurf generates complete implementation using Probo MCP tools
    risks = await client.list_risks(organization_id)
    obligations = await client.list_obligations(organization_id)
    vendors = await client.list_vendors(organization_id)

    # Analysis and reporting logic
    report = generate_report(risks, obligations, vendors)
    send_notification(report)

if __name__ == "__main__":
    asyncio.run(daily_compliance_check())

TypeScript API Client

// Ask Windsurf: "Create a typed Probo API client"

import type {
  Organization,
  Risk,
  Vendor,
  Measure,
  ListRisksInput,
  AddVendorInput
} from './probo-types';

export class ProboAPIClient {
  private baseURL: string;
  private token: string;

  constructor(baseURL: string, token: string) {
    this.baseURL = baseURL;
    this.token = token;
  }

  async listRisks(input: ListRisksInput): Promise<Risk[]> {
    // Windsurf generates implementation using MCP
  }

  async addVendor(input: AddVendorInput): Promise<Vendor> {
    // Implementation
  }

  // ... more methods
}

Keyboard Shortcuts

Useful Windsurf shortcuts for working with Probo:

Ctrl+I / Cmd+I: Open AI chat
Ctrl+Space: Trigger autocomplete with Probo context
Ctrl+Shift+P / Cmd+Shift+P: Command palette
Alt+Enter: Quick actions and refactoring
Ctrl+/ Cmd+/: Toggle line comment with AI suggestions

Troubleshooting

MCP Server Not Loading

Check Windsurf’s Output panel:

Open Output panel (View → Output)
Select “MCP Servers” from the dropdown
Look for errors related to Probo

View logs:

macOS:

tail -f ~/Library/Logs/Windsurf/mcp-probo.log

Linux:

tail -f ~/.config/Windsurf/logs/mcp-probo.log

Windows:

type %APPDATA%\Windsurf\logs\mcp-probo.log

Authentication Errors

Verify your token is correct:

Check the token in mcp_servers.json
Ensure token hasn’t expired

Test with curl:

curl -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{}' \
  https://your-probo-instance.com/api/mcp/tools/listOrganizations

Reload MCP Servers

Force Windsurf to reload MCP configuration:

Open Command Palette (Ctrl+Shift+P / Cmd+Shift+P)
Type “Reload MCP Servers”
Select the command

Or restart Windsurf completely.

Security Best Practices

Use environment variables for tokens:

{
  "env": {
    "PROBO_API_TOKEN": "${PROBO_TOKEN}"
  }
}

Protect configuration files:

chmod 600 ~/Library/Application\ Support/Windsurf/mcp_servers.json

Don’t commit tokens:
.gitignore
```
.windsurf/mcp.json
.env
*.token
```
Use HTTPS for production instances
Rotate tokens regularly
Review AI-generated code before committing
Limit token scope to minimum required permissions

Tips and Best Practices

AI Context Awareness

Configure Windsurf to always consider compliance:

{
  "windsurf.ai.systemPrompt": "When writing code, always consider compliance requirements. Check Probo for applicable risks, controls, and framework requirements. Suggest security best practices for handling sensitive data."
}

Quick Compliance Queries

Create custom commands for frequent tasks:

“Check vendor review status”
“List overdue obligations”
“Show high-priority risks”
“Generate compliance report”

Documentation Standards

Use Windsurf to maintain compliance documentation:

You: "Update README with current compliance status"

Windsurf:
[Fetches latest data from Probo]
[Updates README with current metrics]

Code Review Assistant

Use AI for compliance-aware code reviews:

You: "Review this PR for compliance issues"

Windsurf:
[Analyzes code changes]
[Checks against Probo risk database]
[Suggests compliance improvements]

Next Steps

Explore all available MCP tools
Try VS Code integration for similar functionality
Check out Cursor configuration
View the API specification

Support

Need help with Windsurf configuration?