Can Levo.ai identify undocumented APIs in my environment?

Yes. Use the `list_catalog_endpoints` tool to see the full inventory auto-discovered by Levo sensors. Your agent can highlight 'Shadow' or 'Zombie' APIs that exist in your infrastructure but are missing from official documentation.

How do I check which endpoints are exposing PII or sensitive data?

The `list_sensitive_data` tool allows your agent to query endpoints categorized by regulated data flows. You'll see which paths are transmitting names, emails, SSNs, or financial data, helping you prioritize compliance audits.

Can my agent generate a live OpenAPI specification for an existing service?

Absolutely. Use the `export_openapi_spec` tool with a specific App ID. Your agent will retrieve a specification derived from actual observed traffic, providing a more accurate reflection of your live API than static files.

Levo.ai (API Security & Observability) MCP Server for Windsurf 10 tools — connect in under 2 minutes

Name: Levo.ai (API Security & Observability)
Availability: InStock
Author: Vinkius

docs.windsurf.com/windsurf/mcp

Built by Vinkius GDPR 10 Tools IDE

Windsurf brings agentic AI coding to a purpose-built IDE. Connect Levo.ai (API Security & Observability) through Vinkius and Cascade will auto-discover every tool. ask questions, generate code, and act on live data without leaving your editor.

Get MCP Server for AI Agents

ASK AI ABOUT THIS MCP SERVER

Open in ChatGPT Open in Claude Open in Perplexity

Vinkius supports streamable HTTP and SSE.

RecommendedModern Approach — Zero Configuration

Vinkius Desktop App

The modern way to manage MCP Servers — no config files, no terminal commands. Install Levo.ai (API Security & Observability) and 2,500+ MCP Servers from a single visual interface.

Download Free Open SourceNo signup required

Classic Setup·json

{
  "mcpServers": {
    "levoai-api-security-observability": {
      "url": "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
    }
  }
}

Fully ManagedVinkius Servers

60%Token savings

High SecurityEnterprise-grade

IAMAccess control

EU AI ActCompliant

DLPData protection

V8 IsolateSandboxed

Ed25519Audit chain

<40msKill switch

Stream every event to Splunk, Datadog, or your own webhook in real-time

* Every MCP server runs on Vinkius-managed infrastructure inside AWS - a purpose-built runtime with per-request V8 isolates, Ed25519 signed audit chains, and sub-40ms cold starts optimized for native MCP execution. See our infrastructure

About Levo.ai (API Security & Observability) MCP Server

Connect your Levo.ai account to any AI agent and take full control of your API security posture and runtime observability through natural conversation.

Windsurf's Cascade agent chains multiple Levo.ai (API Security & Observability) tool calls autonomously. query data, analyze results, and generate code in a single agentic session. Paste Vinkius Edge URL, reload, and all 10 tools are immediately available. Real-time tool feedback appears inline, so you see API responses directly in your editor.

What you can do

Endpoint Orchestration — List all auto-discovered API endpoints (REST, GraphQL, gRPC) and identify undocumented shadow or zombie APIs directly from your agent
Sensitive Data Audit — Query categorizations for endpoints exposing regulated data flows including PII (names, emails), PHI (medical), and financial boundaries
Vulnerability Management — Monitor active API security vulnerabilities validating against OWASP boundaries, including BOLA instances and broken authentication
OpenAPI Generation — Export live, precisely accurate OpenAPI specifications derived immediately from actual observed traffic rather than static manual definitions
Behavioral Monitoring — Analyze runtime API traffic patterns and anomalous observations detected by live sensors indicating unexpected schema drift
Diagnostic Investigation — Retrieve detailed diagnostic exploitation evidence for specific vulnerabilities to understand root causes and remediation steps

The Levo.ai (API Security & Observability) MCP Server exposes 10 tools through the Vinkius. Connect it to Windsurf in under two minutes — no API keys to rotate, no infrastructure to provision, no vendor lock-in. Your configuration, your data, your control.

How to Connect Levo.ai (API Security & Observability) to Windsurf via MCP

Follow these steps to integrate the Levo.ai (API Security & Observability) MCP Server with Windsurf.

Open MCP Settings

Go to Settings → MCP Configuration or press Cmd+Shift+P and search "MCP"

Add the server

Paste the JSON configuration above into mcp_config.json

Save and reload

Windsurf will detect the new server automatically

Start using Levo.ai (API Security & Observability)

Open Cascade and ask: "Using Levo.ai (API Security & Observability), help me...". 10 tools available

Why Use Windsurf with the Levo.ai (API Security & Observability) MCP Server

Windsurf provides unique advantages when paired with Levo.ai (API Security & Observability) through the Model Context Protocol.

Windsurf's Cascade agent autonomously chains multiple tool calls in sequence, solving complex multi-step tasks without manual intervention

Purpose-built for agentic workflows. Cascade understands context across your entire codebase and integrates MCP tools natively

JSON-based configuration means zero code changes: paste a URL, reload, and all 10 tools are immediately available

Real-time tool feedback is displayed inline, so you see API responses directly in your editor without switching contexts

Levo.ai (API Security & Observability) + Windsurf Use Cases

Practical scenarios where Windsurf combined with the Levo.ai (API Security & Observability) MCP Server delivers measurable value.

Automated code generation: ask Cascade to fetch data from Levo.ai (API Security & Observability) and generate models, types, or handlers based on real API responses

Live debugging: query Levo.ai (API Security & Observability) tools mid-session to inspect production data while debugging without leaving the editor

Documentation generation: pull schema information from Levo.ai (API Security & Observability) and have Cascade generate comprehensive API docs automatically

Rapid prototyping: combine Levo.ai (API Security & Observability) data with Cascade's code generation to scaffold entire features in minutes

Levo.ai (API Security & Observability) MCP Tools for Windsurf (10)

These 10 tools become available when you connect Levo.ai (API Security & Observability) to Windsurf via MCP:

export_openapi_spec

Export a live auto-generated OpenAPI payload specification for an application

get_endpoint_details

Get deep detailed schema structure for a specific discovered API endpoint

get_observation

Get details of a specific runtime anomalous observation

get_vulnerability

Get detailed diagnostic exploitation evidence for a specific API vulnerability

list_applications

List all API applications (services) tracked by Levo.ai

list_catalog_endpoints

Identifies REST, GraphQL, gRPC, and SOAP endpoints — including undocumented shadow and zombie APIs mapped dynamically. List all discovered API endpoints in the Levo.ai catalog

list_environments

List deployment boundaries environments monitored by Levo active sensors

list_observations

List runtime API behavior observations detected by Levo sensors

list_sensitive_data

List categorized API endpoints exposing sensitive or regulated data flows

list_vulnerabilities

List active API security vulnerabilities discovered across all applications

Example Prompts for Levo.ai (API Security & Observability) in Windsurf

Ready-to-use prompts you can give your Windsurf agent to start working with Levo.ai (API Security & Observability) immediately.

"List all discovered API endpoints in our Levo catalog"

"Show me the active OWASP vulnerabilities for the 'Checkout' application"

"Generate a live OpenAPI spec for the 'User Management' service"

Troubleshooting Levo.ai (API Security & Observability) MCP Server with Windsurf

Common issues when connecting Levo.ai (API Security & Observability) to Windsurf through the Vinkius, and how to resolve them.

Server not connecting

Check Settings → MCP for the server status. Try toggling it off and on.

Levo.ai (API Security & Observability) + Windsurf FAQ

Common questions about integrating Levo.ai (API Security & Observability) MCP Server with Windsurf.

How does Windsurf discover MCP tools?

Windsurf reads the mcp_config.json file on startup and connects to each configured server via Streamable HTTP. Tools are listed in the MCP panel and available to Cascade automatically.

Can Cascade chain multiple MCP tool calls?

Yes. Cascade is an agentic system. it can plan and execute multi-step workflows, calling several tools in sequence to accomplish complex tasks without manual prompting between steps.

Does Windsurf support multiple MCP servers?

Yes. Add as many servers as needed in mcp_config.json. Each server's tools appear in the MCP panel and Cascade can use tools from different servers in a single flow.