Windsurf Integration – AWS Security Data in Your AI IDE
Windsurf is an AI-native IDE from Codeium. With TroveSec connected, you can ask security questions, review findings, and get remediation code inline as you work — without switching context.
Prerequisites
Section titled “Prerequisites”- Windsurf installed
- A TroveSec account with at least one completed scan
- A TroveSec API key — generate one under Integrations → API Keys
-
Open the Windsurf MCP config file
Terminal window # macOS / Linux~/.codeium/windsurf/mcp_config.json# Windows%USERPROFILE%\.codeium\windsurf\mcp_config.jsonCreate the file if it doesn’t exist.
-
Add the TroveSec server block
{"mcpServers": {"trovesec": {"command": "npx","args": ["mcp-remote","https://mcp.trovesec.io/mcp","--header","Authorization:Bearer ${AUTH_TOKEN}"],"env": {"AUTH_TOKEN": "cs_live_xxx"}}}}Replace
cs_live_xxxwith your API key. -
Restart Windsurf
Fully quit and reopen Windsurf. TroveSec tools will be available in the Cascade AI panel.
-
Verify
In the Cascade panel, type: “What are my critical AWS findings?”
Cascade should call
get_findingsand return real data from your latest scan.
Why this is useful in an IDE
Section titled “Why this is useful in an IDE”- Ask “is there anything wrong with how I’ve configured this S3 bucket?” and TroveSec can confirm against your actual findings
- Get remediation CLI commands and Terraform snippets directly in the editor where you’re making the fix
- After a deploy, trigger a scan and check for new findings without leaving Windsurf
Example prompts
Section titled “Example prompts”- “What findings do we have in IAM right now?”
- “Show me the remediation Terraform for the top critical finding”
- “Did anything regress after the last deploy?”
- “What’s blocking our SOC2 certification?”
See also
Section titled “See also”- MCP Integrations Overview — how TroveSec’s MCP connection works
- Tools Reference — all 16 tools with example prompts
- Finding Lifecycle — query what changed since your last scan