Home / Integrations / Windsurf
// INTEGRATION

Use Intercept with Windsurf

Add policy enforcement to Windsurf in one line.

Config file: ~/.codeium/windsurf/mcp_config.json

// BEFORE

A standard MCP server in your Windsurf config -- no controls.

mcp_config.json 
{
  "mcpServers": {
    "postgres": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-postgres", "postgresql://localhost/mydb"],
      "env": {}
    }
  }
}
// WITH INTERCEPT

Wrap the server command with Intercept. Same config structure, policy enforced.

mcp_config.json 
{
  "mcpServers": {
    "postgres": {
      "command": "npx",
      "args": [
        "-y", "@policylayer/intercept",
        "-c", "policy.yaml",
        "--",
        "npx", "-y", "@modelcontextprotocol/server-postgres",
        "postgresql://localhost/mydb"
      ],
      "env": {}
    }
  }
}
// WHAT YOU GET
Rate limits
Cap tool calls per minute, hour, or day
Access controls
Allow, deny, or conditionally gate any tool
Spend caps
Limit financial operations with daily thresholds
Audit logs
Full trace of every tool call and policy decision
// EXAMPLE POLICY
policy.yaml 
version: "1"
default: deny

tools:
  list_customers:
    rules:
      - action: allow
        rate_limit: 30/minute

  create_refund:
    rules:
      - name: "daily cap"
        rate_limit: 10/day

  delete_repository:
    rules:
      - action: deny
// INSTALL
npx -y @policylayer/intercept
github.com/policylayer/intercept →
// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.