How to Use the CrowdSec MCP in Windsurf

Q: Can Windsurf block IPs using CrowdSec?

Cascade reads the threat data via getctismoke and getdecisions. It can write block rules in your local code, but it does not directly inject bans into the CrowdSec engine.

Give Windsurf direct access to CrowdSec threat intelligence. Cascade handles the IP checks and config updates automatically.

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

MCP Servers - Free for Subscribers

Connect CrowdSec MCP to Windsurf

Create your Vinkius account to connect CrowdSec to Windsurf and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.

GDPR Free for Subscribers

Setup CrowdSec with Windsurf

Ask AI about this MCP

ChatGPT

Claude

Perplexity

Windsurf MCP Server for Threat Intel

Cascade pulls IP reputation data the moment it spots a suspicious address in your server logs. Instead of switching tabs to check a dashboard, your agent runs `get_cti_smoke` right inside the editor. It evaluates the risk score immediately. Once the threat level is confirmed, Windsurf chains the next step. It writes the necessary block rules into your firewall configuration files and commits the changes. You just watch the code appear.

Query Local Security Decisions

Your local CrowdSec instance holds a specific list of banned actors. Windsurf taps into this data using the `get_decisions` tool to audit active blocks. You ask Cascade why a certain subnet is failing, and it checks the LAPI directly. This means debugging network issues happens entirely within your IDE. The agent reads the block list, cross-references your application code, and points out exactly which IP triggered the ban.

Monitor Live Ban Streams

Security events happen in real time. Cascade can watch for new or deleted bans by polling `get_decisions_stream` while you work on other files. It tracks the exact moment a threat actor gets dropped. When a new decision rolls in, Windsurf can automatically update a local blocklist file or trigger a notification script. You set the goal once, and Cascade handles the continuous monitoring.

Setup guide

Set up CrowdSec MCP in Windsurf

Prerequisites

Windsurf IDE installed (macOS, Windows, or Linux)
Active Vinkius subscription with a valid endpoint token

1

Open MCP configuration

Click the Cascade assistant icon in the sidebar, then click the hammer icon (🔨) at the top of the panel. Select "Configure" to open ~/.codeium/windsurf/mcp_config.json.
2

Add the CrowdSec MCP

Paste the JSON snippet shown on the right into the mcpServers object. Replace [YOUR_TOKEN_HERE] with your endpoint token from cloud.vinkius.com.
3

Refresh MCPs

Go back to the hammer icon (🔨) in Cascade and click "Refresh". Windsurf will detect the new server. No full restart is needed — the connection is hot-reloaded.
4

Verify in Cascade

Start a new Cascade conversation and ask something like "Show my CrowdSec payment history." If connected, Cascade will call the CrowdSec tools directly. You will see a green dot next to the server name in the MCP panel.

mcp_config.json

{
  "mcpServers": {
    "crowdsec-mcp": {
      "url": "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
    }
  }
}

Get your connection token →

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by CrowdSec. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

Why Choose Vinkius

Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.

Connect CrowdSec now

Real-time monitoring

Live

visibility into every interaction

Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.

Built-in savings

60%

lower AI costs

Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.

Single dashboard

One

place for every integration

Every tool your AI connects to, managed from a single screen. One account, complete control.

Common questions about CrowdSec MCP in Windsurf

Open your Windsurf MCP Marketplace for a one-click install. You can also edit `~/.codeium/windsurf/mcp_config.json` manually and hit refresh in the UI.

Cascade reads the threat data via `get_cti_smoke` and `get_decisions`. It can write block rules in your local code, but it does not directly inject bans into the CrowdSec engine.

Context switching kills momentum. Having Cascade pull IP reputation directly into your IDE means you fix security issues exactly where you write code.

The first grabs a static list of current active bans. The stream tool polls the local API for incremental updates, catching new bans or expired ones as they happen.

Vinkius isolates this MCP connection in a V8 sandbox. Windsurf only transmits the specific IP addresses you ask it to check against the CTI database. The session drops immediately after the query finishes, leaving zero persistent access.

Use it with your favorite AI tools

Connect this server to Cursor, Claude, VS Code, and more.

OpenAI Agents SDK sdk-python

Google ADK sdk-python

Pydantic AI sdk-python

Vercel AI SDK sdk-typescript